From 328118aa798878a68398b92ba85adfb630bc5434 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Wed, 25 May 2005 16:18:09 +1000 Subject: - (dtucker) [auth-pam.c] Since people don't seem to be getting the message that USE_POSIX_THREADS is unsupported, not recommended and generally a bad idea, it is now known as UNSUPPORTED_POSIX_THREADS_HACK. Attempting to use USE_POSIX_THREADS will now generate an error so we don't silently change behaviour. ok djm@ --- auth-pam.c | 22 ++++++++++++++++------ 1 file changed, 16 insertions(+), 6 deletions(-) (limited to 'auth-pam.c') diff --git a/auth-pam.c b/auth-pam.c index 6ce8c429b..a8d372aac 100644 --- a/auth-pam.c +++ b/auth-pam.c @@ -47,7 +47,7 @@ /* Based on $FreeBSD: src/crypto/openssh/auth2-pam-freebsd.c,v 1.11 2003/03/31 13:48:18 des Exp $ */ #include "includes.h" -RCSID("$Id: auth-pam.c,v 1.121 2005/01/20 02:29:51 dtucker Exp $"); +RCSID("$Id: auth-pam.c,v 1.122 2005/05/25 06:18:10 dtucker Exp $"); #ifdef USE_PAM #if defined(HAVE_SECURITY_PAM_APPL_H) @@ -76,7 +76,17 @@ extern Buffer loginmsg; extern int compat20; extern u_int utmp_len; +/* so we don't silently change behaviour */ #ifdef USE_POSIX_THREADS +# error "USE_POSIX_THREADS replaced by UNSUPPORTED_POSIX_THREADS_HACK" +#endif + +/* + * Formerly known as USE_POSIX_THREADS, using this is completely unsupported + * and generally a bad idea. Use at own risk and do not expect support if + * this breaks. + */ +#ifdef UNSUPPORTED_POSIX_THREADS_HACK #include /* * Avoid namespace clash when *not* using pthreads for systems *with* @@ -98,7 +108,7 @@ struct pam_ctxt { static void sshpam_free_ctx(void *); static struct pam_ctxt *cleanup_ctxt; -#ifndef USE_POSIX_THREADS +#ifndef UNSUPPORTED_POSIX_THREADS_HACK /* * Simulate threads with processes. */ @@ -255,7 +265,7 @@ import_environments(Buffer *b) debug3("PAM: %s entering", __func__); -#ifndef USE_POSIX_THREADS +#ifndef UNSUPPORTED_POSIX_THREADS_HACK /* Import variables set by do_pam_account */ sshpam_account_status = buffer_get_int(b); sshpam_password_change_required(buffer_get_int(b)); @@ -384,7 +394,7 @@ sshpam_thread(void *ctxtp) struct pam_conv sshpam_conv; int flags = (options.permit_empty_passwd == 0 ? PAM_DISALLOW_NULL_AUTHTOK : 0); -#ifndef USE_POSIX_THREADS +#ifndef UNSUPPORTED_POSIX_THREADS_HACK extern char **environ; char **env_from_pam; u_int i; @@ -428,7 +438,7 @@ sshpam_thread(void *ctxtp) buffer_put_cstring(&buffer, "OK"); -#ifndef USE_POSIX_THREADS +#ifndef UNSUPPORTED_POSIX_THREADS_HACK /* Export variables set by do_pam_account */ buffer_put_int(&buffer, sshpam_account_status); buffer_put_int(&buffer, sshpam_authctxt->force_pwchange); @@ -447,7 +457,7 @@ sshpam_thread(void *ctxtp) buffer_put_int(&buffer, i); for(i = 0; env_from_pam != NULL && env_from_pam[i] != NULL; i++) buffer_put_cstring(&buffer, env_from_pam[i]); -#endif /* USE_POSIX_THREADS */ +#endif /* UNSUPPORTED_POSIX_THREADS_HACK */ /* XXX - can't do much about an error here */ ssh_msg_send(ctxt->pam_csock, sshpam_err, &buffer); -- cgit v1.2.3 From f08bdb5a7e599ff95c72df7a92def141360c9b80 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Thu, 26 May 2005 19:59:48 +1000 Subject: - (dtucker) [auth-pam.c] Bug #1033: Fix warnings building with PAM on Linux: warning: dereferencing type-punned pointer will break strict-aliasing rules warning: passing arg 3 of `pam_get_item' from incompatible pointer type The type-punned pointer fix is based on a patch from SuSE's rpm. ok djm@ --- ChangeLog | 6 +++++- auth-pam.c | 26 ++++++++++++++++++-------- 2 files changed, 23 insertions(+), 9 deletions(-) (limited to 'auth-pam.c') diff --git a/ChangeLog b/ChangeLog index c153fd19f..4dec60c1b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -97,6 +97,10 @@ ok deraadt@, cloder@, djm@ - (dtucker) [regress/reexec.sh] Add ${EXEEXT} so this test also works on Cygwin. + - (dtucker) [auth-pam.c] Bug #1033: Fix warnings building with PAM on Linux: + warning: dereferencing type-punned pointer will break strict-aliasing rules + warning: passing arg 3 of `pam_get_item' from incompatible pointer type + The type-punned pointer fix is based on a patch from SuSE's rpm. ok djm@ 20050524 - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec] @@ -2596,4 +2600,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3787 2005/05/26 03:43:57 dtucker Exp $ +$Id: ChangeLog,v 1.3788 2005/05/26 09:59:48 dtucker Exp $ diff --git a/auth-pam.c b/auth-pam.c index a8d372aac..db80017ef 100644 --- a/auth-pam.c +++ b/auth-pam.c @@ -47,7 +47,7 @@ /* Based on $FreeBSD: src/crypto/openssh/auth2-pam-freebsd.c,v 1.11 2003/03/31 13:48:18 des Exp $ */ #include "includes.h" -RCSID("$Id: auth-pam.c,v 1.122 2005/05/25 06:18:10 dtucker Exp $"); +RCSID("$Id: auth-pam.c,v 1.123 2005/05/26 09:59:48 dtucker Exp $"); #ifdef USE_PAM #if defined(HAVE_SECURITY_PAM_APPL_H) @@ -56,6 +56,13 @@ RCSID("$Id: auth-pam.c,v 1.122 2005/05/25 06:18:10 dtucker Exp $"); #include #endif +/* OpenGroup RFC86.0 and XSSO specify no "const" on arguments */ +#ifdef PAM_SUN_CODEBASE +# define sshpam_const /* Solaris, HP-UX, AIX */ +#else +# define sshpam_const const /* LinuxPAM, OpenPAM */ +#endif + #include "auth.h" #include "auth-pam.h" #include "buffer.h" @@ -300,7 +307,7 @@ import_environments(Buffer *b) * Conversation function for authentication thread. */ static int -sshpam_thread_conv(int n, struct pam_message **msg, +sshpam_thread_conv(int n, sshpam_const struct pam_message **msg, struct pam_response **resp, void *data) { Buffer buffer; @@ -399,8 +406,10 @@ sshpam_thread(void *ctxtp) char **env_from_pam; u_int i; const char *pam_user; + const char **ptr_pam_user = &pam_user; - pam_get_item(sshpam_handle, PAM_USER, (void **)&pam_user); + pam_get_item(sshpam_handle, PAM_USER, + (sshpam_const void **)ptr_pam_user); environ[0] = NULL; if (sshpam_authctxt != NULL) { @@ -492,7 +501,7 @@ sshpam_thread_cleanup(void) } static int -sshpam_null_conv(int n, struct pam_message **msg, +sshpam_null_conv(int n, sshpam_const struct pam_message **msg, struct pam_response **resp, void *data) { debug3("PAM: %s entering, %d messages", __func__, n); @@ -502,7 +511,7 @@ sshpam_null_conv(int n, struct pam_message **msg, static struct pam_conv null_conv = { sshpam_null_conv, NULL }; static int -sshpam_store_conv(int n, struct pam_message **msg, +sshpam_store_conv(int n, sshpam_const struct pam_message **msg, struct pam_response **resp, void *data) { struct pam_response *reply; @@ -571,11 +580,12 @@ sshpam_init(Authctxt *authctxt) { extern char *__progname; const char *pam_rhost, *pam_user, *user = authctxt->user; + const char **ptr_pam_user = &pam_user; if (sshpam_handle != NULL) { /* We already have a PAM context; check if the user matches */ sshpam_err = pam_get_item(sshpam_handle, - PAM_USER, (void **)&pam_user); + PAM_USER, (sshpam_const void **)ptr_pam_user); if (sshpam_err == PAM_SUCCESS && strcmp(user, pam_user) == 0) return (0); pam_end(sshpam_handle, sshpam_err); @@ -891,7 +901,7 @@ do_pam_setcred(int init) } static int -sshpam_tty_conv(int n, struct pam_message **msg, +sshpam_tty_conv(int n, sshpam_const struct pam_message **msg, struct pam_response **resp, void *data) { char input[PAM_MAX_MSG_SIZE]; @@ -1050,7 +1060,7 @@ free_pam_environment(char **env) * display. */ static int -sshpam_passwd_conv(int n, struct pam_message **msg, +sshpam_passwd_conv(int n, sshpam_const struct pam_message **msg, struct pam_response **resp, void *data) { struct pam_response *reply; -- cgit v1.2.3 From 4f1adad4f65d63645689d2d947876848b0813390 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sat, 16 Jul 2005 11:33:06 +1000 Subject: - (dtucker) [auth-pam.c] Ensure that only one side of the authentication socketpair stays open on in both the monitor and PAM process. Patch from Joerg Sonnenberger. --- ChangeLog | 7 ++++++- auth-pam.c | 7 ++++++- 2 files changed, 12 insertions(+), 2 deletions(-) (limited to 'auth-pam.c') diff --git a/ChangeLog b/ChangeLog index 9ab5e94e1..d46f02d2b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ +20050716 + - (dtucker) [auth-pam.c] Ensure that only one side of the authentication + socketpair stays open on in both the monitor and PAM process. Patch from + Joerg Sonnenberger. + 20050714 - (dtucker) OpenBSD CVS Sync - dtucker@cvs.openbsd.org 2005/07/06 09:33:05 @@ -2825,4 +2830,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3845 2005/07/14 07:22:11 dtucker Exp $ +$Id: ChangeLog,v 1.3846 2005/07/16 01:33:06 dtucker Exp $ diff --git a/auth-pam.c b/auth-pam.c index db80017ef..fecba5de0 100644 --- a/auth-pam.c +++ b/auth-pam.c @@ -47,7 +47,7 @@ /* Based on $FreeBSD: src/crypto/openssh/auth2-pam-freebsd.c,v 1.11 2003/03/31 13:48:18 des Exp $ */ #include "includes.h" -RCSID("$Id: auth-pam.c,v 1.123 2005/05/26 09:59:48 dtucker Exp $"); +RCSID("$Id: auth-pam.c,v 1.124 2005/07/16 01:33:06 dtucker Exp $"); #ifdef USE_PAM #if defined(HAVE_SECURITY_PAM_APPL_H) @@ -157,6 +157,7 @@ pthread_create(sp_pthread_t *thread, const void *attr __unused, void *(*thread_start)(void *), void *arg) { pid_t pid; + struct pam_ctxt *ctx = arg; sshpam_thread_status = -1; switch ((pid = fork())) { @@ -164,10 +165,14 @@ pthread_create(sp_pthread_t *thread, const void *attr __unused, error("fork(): %s", strerror(errno)); return (-1); case 0: + close(ctx->pam_psock); + ctx->pam_psock = -1; thread_start(arg); _exit(1); default: *thread = pid; + close(ctx->pam_csock); + ctx->pam_csock = -1; sshpam_oldsig = signal(SIGCHLD, sshpam_sigchld_handler); return (0); } -- cgit v1.2.3 From 94cf4c8448bab8f1ad563868089bb0ea1ff92213 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sun, 17 Jul 2005 17:04:47 +1000 Subject: - (djm) [acss.c auth-pam.c auth-shadow.c auth-skey.c auth1.c canohost.c] [cipher-acss.c loginrec.c ssh-rand-helper.c sshd.c] Fix whitespace at EOL in portable too ("perl -p -i -e 's/\s+$/\n/' *.[ch]") --- ChangeLog | 5 ++- acss.c | 128 +++++++++++++++++++++++++++--------------------------- auth-pam.c | 8 ++-- auth-shadow.c | 4 +- auth-skey.c | 2 +- auth1.c | 4 +- canohost.c | 2 +- cipher-acss.c | 6 +-- loginrec.c | 34 +++++++-------- ssh-rand-helper.c | 4 +- sshd.c | 2 +- 11 files changed, 101 insertions(+), 98 deletions(-) (limited to 'auth-pam.c') diff --git a/ChangeLog b/ChangeLog index 08b382213..774cf1a97 100644 --- a/ChangeLog +++ b/ChangeLog @@ -4,6 +4,9 @@ [auth1.c channels.c cipher.c clientloop.c kex.c session.c ssh.c] [sshconnect.c] spacing + - (djm) [acss.c auth-pam.c auth-shadow.c auth-skey.c auth1.c canohost.c] + [cipher-acss.c loginrec.c ssh-rand-helper.c sshd.c] Fix whitespace at EOL + in portable too ("perl -p -i -e 's/\s+$/\n/' *.[ch]") 20050716 - (dtucker) [auth-pam.c] Ensure that only one side of the authentication @@ -2837,4 +2840,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3847 2005/07/17 07:02:09 djm Exp $ +$Id: ChangeLog,v 1.3848 2005/07/17 07:04:47 djm Exp $ diff --git a/acss.c b/acss.c index 9364ba9fe..99efde071 100644 --- a/acss.c +++ b/acss.c @@ -1,4 +1,4 @@ -/* $Id: acss.c,v 1.2 2004/02/06 04:22:43 dtucker Exp $ */ +/* $Id: acss.c,v 1.3 2005/07/17 07:04:47 djm Exp $ */ /* * Copyright (c) 2004 The OpenBSD project * @@ -24,37 +24,37 @@ /* decryption sbox */ static unsigned char sboxdec[] = { - 0x33, 0x73, 0x3b, 0x26, 0x63, 0x23, 0x6b, 0x76, - 0x3e, 0x7e, 0x36, 0x2b, 0x6e, 0x2e, 0x66, 0x7b, - 0xd3, 0x93, 0xdb, 0x06, 0x43, 0x03, 0x4b, 0x96, - 0xde, 0x9e, 0xd6, 0x0b, 0x4e, 0x0e, 0x46, 0x9b, - 0x57, 0x17, 0x5f, 0x82, 0xc7, 0x87, 0xcf, 0x12, - 0x5a, 0x1a, 0x52, 0x8f, 0xca, 0x8a, 0xc2, 0x1f, - 0xd9, 0x99, 0xd1, 0x00, 0x49, 0x09, 0x41, 0x90, - 0xd8, 0x98, 0xd0, 0x01, 0x48, 0x08, 0x40, 0x91, - 0x3d, 0x7d, 0x35, 0x24, 0x6d, 0x2d, 0x65, 0x74, - 0x3c, 0x7c, 0x34, 0x25, 0x6c, 0x2c, 0x64, 0x75, - 0xdd, 0x9d, 0xd5, 0x04, 0x4d, 0x0d, 0x45, 0x94, - 0xdc, 0x9c, 0xd4, 0x05, 0x4c, 0x0c, 0x44, 0x95, - 0x59, 0x19, 0x51, 0x80, 0xc9, 0x89, 0xc1, 0x10, - 0x58, 0x18, 0x50, 0x81, 0xc8, 0x88, 0xc0, 0x11, - 0xd7, 0x97, 0xdf, 0x02, 0x47, 0x07, 0x4f, 0x92, - 0xda, 0x9a, 0xd2, 0x0f, 0x4a, 0x0a, 0x42, 0x9f, - 0x53, 0x13, 0x5b, 0x86, 0xc3, 0x83, 0xcb, 0x16, - 0x5e, 0x1e, 0x56, 0x8b, 0xce, 0x8e, 0xc6, 0x1b, - 0xb3, 0xf3, 0xbb, 0xa6, 0xe3, 0xa3, 0xeb, 0xf6, - 0xbe, 0xfe, 0xb6, 0xab, 0xee, 0xae, 0xe6, 0xfb, - 0x37, 0x77, 0x3f, 0x22, 0x67, 0x27, 0x6f, 0x72, - 0x3a, 0x7a, 0x32, 0x2f, 0x6a, 0x2a, 0x62, 0x7f, - 0xb9, 0xf9, 0xb1, 0xa0, 0xe9, 0xa9, 0xe1, 0xf0, - 0xb8, 0xf8, 0xb0, 0xa1, 0xe8, 0xa8, 0xe0, 0xf1, - 0x5d, 0x1d, 0x55, 0x84, 0xcd, 0x8d, 0xc5, 0x14, - 0x5c, 0x1c, 0x54, 0x85, 0xcc, 0x8c, 0xc4, 0x15, - 0xbd, 0xfd, 0xb5, 0xa4, 0xed, 0xad, 0xe5, 0xf4, - 0xbc, 0xfc, 0xb4, 0xa5, 0xec, 0xac, 0xe4, 0xf5, - 0x39, 0x79, 0x31, 0x20, 0x69, 0x29, 0x61, 0x70, - 0x38, 0x78, 0x30, 0x21, 0x68, 0x28, 0x60, 0x71, - 0xb7, 0xf7, 0xbf, 0xa2, 0xe7, 0xa7, 0xef, 0xf2, + 0x33, 0x73, 0x3b, 0x26, 0x63, 0x23, 0x6b, 0x76, + 0x3e, 0x7e, 0x36, 0x2b, 0x6e, 0x2e, 0x66, 0x7b, + 0xd3, 0x93, 0xdb, 0x06, 0x43, 0x03, 0x4b, 0x96, + 0xde, 0x9e, 0xd6, 0x0b, 0x4e, 0x0e, 0x46, 0x9b, + 0x57, 0x17, 0x5f, 0x82, 0xc7, 0x87, 0xcf, 0x12, + 0x5a, 0x1a, 0x52, 0x8f, 0xca, 0x8a, 0xc2, 0x1f, + 0xd9, 0x99, 0xd1, 0x00, 0x49, 0x09, 0x41, 0x90, + 0xd8, 0x98, 0xd0, 0x01, 0x48, 0x08, 0x40, 0x91, + 0x3d, 0x7d, 0x35, 0x24, 0x6d, 0x2d, 0x65, 0x74, + 0x3c, 0x7c, 0x34, 0x25, 0x6c, 0x2c, 0x64, 0x75, + 0xdd, 0x9d, 0xd5, 0x04, 0x4d, 0x0d, 0x45, 0x94, + 0xdc, 0x9c, 0xd4, 0x05, 0x4c, 0x0c, 0x44, 0x95, + 0x59, 0x19, 0x51, 0x80, 0xc9, 0x89, 0xc1, 0x10, + 0x58, 0x18, 0x50, 0x81, 0xc8, 0x88, 0xc0, 0x11, + 0xd7, 0x97, 0xdf, 0x02, 0x47, 0x07, 0x4f, 0x92, + 0xda, 0x9a, 0xd2, 0x0f, 0x4a, 0x0a, 0x42, 0x9f, + 0x53, 0x13, 0x5b, 0x86, 0xc3, 0x83, 0xcb, 0x16, + 0x5e, 0x1e, 0x56, 0x8b, 0xce, 0x8e, 0xc6, 0x1b, + 0xb3, 0xf3, 0xbb, 0xa6, 0xe3, 0xa3, 0xeb, 0xf6, + 0xbe, 0xfe, 0xb6, 0xab, 0xee, 0xae, 0xe6, 0xfb, + 0x37, 0x77, 0x3f, 0x22, 0x67, 0x27, 0x6f, 0x72, + 0x3a, 0x7a, 0x32, 0x2f, 0x6a, 0x2a, 0x62, 0x7f, + 0xb9, 0xf9, 0xb1, 0xa0, 0xe9, 0xa9, 0xe1, 0xf0, + 0xb8, 0xf8, 0xb0, 0xa1, 0xe8, 0xa8, 0xe0, 0xf1, + 0x5d, 0x1d, 0x55, 0x84, 0xcd, 0x8d, 0xc5, 0x14, + 0x5c, 0x1c, 0x54, 0x85, 0xcc, 0x8c, 0xc4, 0x15, + 0xbd, 0xfd, 0xb5, 0xa4, 0xed, 0xad, 0xe5, 0xf4, + 0xbc, 0xfc, 0xb4, 0xa5, 0xec, 0xac, 0xe4, 0xf5, + 0x39, 0x79, 0x31, 0x20, 0x69, 0x29, 0x61, 0x70, + 0x38, 0x78, 0x30, 0x21, 0x68, 0x28, 0x60, 0x71, + 0xb7, 0xf7, 0xbf, 0xa2, 0xe7, 0xa7, 0xef, 0xf2, 0xba, 0xfa, 0xb2, 0xaf, 0xea, 0xaa, 0xe2, 0xff }; @@ -95,38 +95,38 @@ static unsigned char sboxenc[] = { }; static unsigned char reverse[] = { - 0x00, 0x80, 0x40, 0xc0, 0x20, 0xa0, 0x60, 0xe0, - 0x10, 0x90, 0x50, 0xd0, 0x30, 0xb0, 0x70, 0xf0, - 0x08, 0x88, 0x48, 0xc8, 0x28, 0xa8, 0x68, 0xe8, - 0x18, 0x98, 0x58, 0xd8, 0x38, 0xb8, 0x78, 0xf8, - 0x04, 0x84, 0x44, 0xc4, 0x24, 0xa4, 0x64, 0xe4, - 0x14, 0x94, 0x54, 0xd4, 0x34, 0xb4, 0x74, 0xf4, - 0x0c, 0x8c, 0x4c, 0xcc, 0x2c, 0xac, 0x6c, 0xec, - 0x1c, 0x9c, 0x5c, 0xdc, 0x3c, 0xbc, 0x7c, 0xfc, - 0x02, 0x82, 0x42, 0xc2, 0x22, 0xa2, 0x62, 0xe2, - 0x12, 0x92, 0x52, 0xd2, 0x32, 0xb2, 0x72, 0xf2, - 0x0a, 0x8a, 0x4a, 0xca, 0x2a, 0xaa, 0x6a, 0xea, - 0x1a, 0x9a, 0x5a, 0xda, 0x3a, 0xba, 0x7a, 0xfa, - 0x06, 0x86, 0x46, 0xc6, 0x26, 0xa6, 0x66, 0xe6, - 0x16, 0x96, 0x56, 0xd6, 0x36, 0xb6, 0x76, 0xf6, - 0x0e, 0x8e, 0x4e, 0xce, 0x2e, 0xae, 0x6e, 0xee, - 0x1e, 0x9e, 0x5e, 0xde, 0x3e, 0xbe, 0x7e, 0xfe, - 0x01, 0x81, 0x41, 0xc1, 0x21, 0xa1, 0x61, 0xe1, - 0x11, 0x91, 0x51, 0xd1, 0x31, 0xb1, 0x71, 0xf1, - 0x09, 0x89, 0x49, 0xc9, 0x29, 0xa9, 0x69, 0xe9, - 0x19, 0x99, 0x59, 0xd9, 0x39, 0xb9, 0x79, 0xf9, - 0x05, 0x85, 0x45, 0xc5, 0x25, 0xa5, 0x65, 0xe5, - 0x15, 0x95, 0x55, 0xd5, 0x35, 0xb5, 0x75, 0xf5, - 0x0d, 0x8d, 0x4d, 0xcd, 0x2d, 0xad, 0x6d, 0xed, - 0x1d, 0x9d, 0x5d, 0xdd, 0x3d, 0xbd, 0x7d, 0xfd, - 0x03, 0x83, 0x43, 0xc3, 0x23, 0xa3, 0x63, 0xe3, - 0x13, 0x93, 0x53, 0xd3, 0x33, 0xb3, 0x73, 0xf3, - 0x0b, 0x8b, 0x4b, 0xcb, 0x2b, 0xab, 0x6b, 0xeb, - 0x1b, 0x9b, 0x5b, 0xdb, 0x3b, 0xbb, 0x7b, 0xfb, - 0x07, 0x87, 0x47, 0xc7, 0x27, 0xa7, 0x67, 0xe7, - 0x17, 0x97, 0x57, 0xd7, 0x37, 0xb7, 0x77, 0xf7, - 0x0f, 0x8f, 0x4f, 0xcf, 0x2f, 0xaf, 0x6f, 0xef, - 0x1f, 0x9f, 0x5f, 0xdf, 0x3f, 0xbf, 0x7f, 0xff + 0x00, 0x80, 0x40, 0xc0, 0x20, 0xa0, 0x60, 0xe0, + 0x10, 0x90, 0x50, 0xd0, 0x30, 0xb0, 0x70, 0xf0, + 0x08, 0x88, 0x48, 0xc8, 0x28, 0xa8, 0x68, 0xe8, + 0x18, 0x98, 0x58, 0xd8, 0x38, 0xb8, 0x78, 0xf8, + 0x04, 0x84, 0x44, 0xc4, 0x24, 0xa4, 0x64, 0xe4, + 0x14, 0x94, 0x54, 0xd4, 0x34, 0xb4, 0x74, 0xf4, + 0x0c, 0x8c, 0x4c, 0xcc, 0x2c, 0xac, 0x6c, 0xec, + 0x1c, 0x9c, 0x5c, 0xdc, 0x3c, 0xbc, 0x7c, 0xfc, + 0x02, 0x82, 0x42, 0xc2, 0x22, 0xa2, 0x62, 0xe2, + 0x12, 0x92, 0x52, 0xd2, 0x32, 0xb2, 0x72, 0xf2, + 0x0a, 0x8a, 0x4a, 0xca, 0x2a, 0xaa, 0x6a, 0xea, + 0x1a, 0x9a, 0x5a, 0xda, 0x3a, 0xba, 0x7a, 0xfa, + 0x06, 0x86, 0x46, 0xc6, 0x26, 0xa6, 0x66, 0xe6, + 0x16, 0x96, 0x56, 0xd6, 0x36, 0xb6, 0x76, 0xf6, + 0x0e, 0x8e, 0x4e, 0xce, 0x2e, 0xae, 0x6e, 0xee, + 0x1e, 0x9e, 0x5e, 0xde, 0x3e, 0xbe, 0x7e, 0xfe, + 0x01, 0x81, 0x41, 0xc1, 0x21, 0xa1, 0x61, 0xe1, + 0x11, 0x91, 0x51, 0xd1, 0x31, 0xb1, 0x71, 0xf1, + 0x09, 0x89, 0x49, 0xc9, 0x29, 0xa9, 0x69, 0xe9, + 0x19, 0x99, 0x59, 0xd9, 0x39, 0xb9, 0x79, 0xf9, + 0x05, 0x85, 0x45, 0xc5, 0x25, 0xa5, 0x65, 0xe5, + 0x15, 0x95, 0x55, 0xd5, 0x35, 0xb5, 0x75, 0xf5, + 0x0d, 0x8d, 0x4d, 0xcd, 0x2d, 0xad, 0x6d, 0xed, + 0x1d, 0x9d, 0x5d, 0xdd, 0x3d, 0xbd, 0x7d, 0xfd, + 0x03, 0x83, 0x43, 0xc3, 0x23, 0xa3, 0x63, 0xe3, + 0x13, 0x93, 0x53, 0xd3, 0x33, 0xb3, 0x73, 0xf3, + 0x0b, 0x8b, 0x4b, 0xcb, 0x2b, 0xab, 0x6b, 0xeb, + 0x1b, 0x9b, 0x5b, 0xdb, 0x3b, 0xbb, 0x7b, 0xfb, + 0x07, 0x87, 0x47, 0xc7, 0x27, 0xa7, 0x67, 0xe7, + 0x17, 0x97, 0x57, 0xd7, 0x37, 0xb7, 0x77, 0xf7, + 0x0f, 0x8f, 0x4f, 0xcf, 0x2f, 0xaf, 0x6f, 0xef, + 0x1f, 0x9f, 0x5f, 0xdf, 0x3f, 0xbf, 0x7f, 0xff }; /* diff --git a/auth-pam.c b/auth-pam.c index fecba5de0..4a2841924 100644 --- a/auth-pam.c +++ b/auth-pam.c @@ -47,7 +47,7 @@ /* Based on $FreeBSD: src/crypto/openssh/auth2-pam-freebsd.c,v 1.11 2003/03/31 13:48:18 des Exp $ */ #include "includes.h" -RCSID("$Id: auth-pam.c,v 1.124 2005/07/16 01:33:06 dtucker Exp $"); +RCSID("$Id: auth-pam.c,v 1.125 2005/07/17 07:04:47 djm Exp $"); #ifdef USE_PAM #if defined(HAVE_SECURITY_PAM_APPL_H) @@ -123,7 +123,7 @@ static struct pam_ctxt *cleanup_ctxt; static int sshpam_thread_status = -1; static mysig_t sshpam_oldsig; -static void +static void sshpam_sigchld_handler(int sig) { signal(SIGCHLD, SIG_DFL); @@ -853,7 +853,7 @@ do_pam_account(void) sshpam_err = pam_acct_mgmt(sshpam_handle, 0); debug3("PAM: %s pam_acct_mgmt = %d (%s)", __func__, sshpam_err, pam_strerror(sshpam_handle, sshpam_err)); - + if (sshpam_err != PAM_SUCCESS && sshpam_err != PAM_NEW_AUTHTOK_REQD) { sshpam_account_status = 0; return (sshpam_account_status); @@ -1111,7 +1111,7 @@ sshpam_passwd_conv(int n, sshpam_const struct pam_message **msg, *resp = reply; return (PAM_SUCCESS); - fail: + fail: for(i = 0; i < n; i++) { if (reply[i].resp != NULL) xfree(reply[i].resp); diff --git a/auth-shadow.c b/auth-shadow.c index f6004f68f..59737b93c 100644 --- a/auth-shadow.c +++ b/auth-shadow.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$Id: auth-shadow.c,v 1.6 2005/02/16 03:20:06 dtucker Exp $"); +RCSID("$Id: auth-shadow.c,v 1.7 2005/07/17 07:04:47 djm Exp $"); #if defined(USE_SHADOW) && defined(HAS_SHADOW_EXPIRE) #include @@ -101,7 +101,7 @@ auth_shadow_pwexpired(Authctxt *ctxt) #if defined(__hpux) && !defined(HAVE_SECUREWARE) if (iscomsec()) { struct pr_passwd *pr; - + pr = getprpwnam((char *)user); /* Test for Trusted Mode expiry disabled */ diff --git a/auth-skey.c b/auth-skey.c index ac1af69ed..f676dbec9 100644 --- a/auth-skey.c +++ b/auth-skey.c @@ -47,7 +47,7 @@ skey_query(void *ctx, char **name, char **infotxt, int len; struct skey skey; - if (_compat_skeychallenge(&skey, authctxt->user, challenge, + if (_compat_skeychallenge(&skey, authctxt->user, challenge, sizeof(challenge)) == -1) return -1; diff --git a/auth1.c b/auth1.c index ff937f80f..74e213d13 100644 --- a/auth1.c +++ b/auth1.c @@ -171,7 +171,7 @@ auth1_process_rhosts_rsa(Authctxt *authctxt, char *info, size_t infolen) key_free(client_host_key); snprintf(info, infolen, " ruser %.100s", client_user); - + return (authenticated); } @@ -299,7 +299,7 @@ do_authloop(Authctxt *authctxt) #ifdef HAVE_CYGWIN if (authenticated && - !check_nt_auth(type == SSH_CMSG_AUTH_PASSWORD, + !check_nt_auth(type == SSH_CMSG_AUTH_PASSWORD, authctxt->pw)) { packet_disconnect("Authentication rejected for uid %d.", authctxt->pw == NULL ? -1 : authctxt->pw->pw_uid); diff --git a/canohost.c b/canohost.c index 04dc3d182..c27086bfd 100644 --- a/canohost.c +++ b/canohost.c @@ -174,7 +174,7 @@ ipv64_normalise_mapped(struct sockaddr_storage *addr, socklen_t *len) struct in_addr inaddr; u_int16_t port; - if (addr->ss_family != AF_INET6 || + if (addr->ss_family != AF_INET6 || !IN6_IS_ADDR_V4MAPPED(&a6->sin6_addr)) return; diff --git a/cipher-acss.c b/cipher-acss.c index 3a966a74d..a95fa6747 100644 --- a/cipher-acss.c +++ b/cipher-acss.c @@ -17,7 +17,7 @@ #include "includes.h" #include -RCSID("$Id: cipher-acss.c,v 1.2 2004/02/06 04:26:11 dtucker Exp $"); +RCSID("$Id: cipher-acss.c,v 1.3 2005/07/17 07:04:47 djm Exp $"); #if !defined(EVP_CTRL_SET_ACSS_MODE) && (OPENSSL_VERSION_NUMBER >= 0x00907000L) @@ -33,7 +33,7 @@ typedef struct { #define EVP_CTRL_SET_ACSS_SUBKEY 0xff07 static int -acss_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, +acss_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) { acss_setkey(&data(ctx)->ks,key,enc,ACSS_DATA); @@ -41,7 +41,7 @@ acss_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, } static int -acss_ciph(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, +acss_ciph(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) { acss(&data(ctx)->ks,inl,in,out); diff --git a/loginrec.c b/loginrec.c index 2543617ba..5d6e120c4 100644 --- a/loginrec.c +++ b/loginrec.c @@ -165,7 +165,7 @@ # include #endif -RCSID("$Id: loginrec.c,v 1.68 2005/06/19 00:19:43 djm Exp $"); +RCSID("$Id: loginrec.c,v 1.69 2005/07/17 07:04:47 djm Exp $"); /** ** prototypes for helper functions in this file @@ -362,7 +362,7 @@ login_init_entry(struct logininfo *li, int pid, const char *username, strlcpy(li->username, username, sizeof(li->username)); pw = getpwnam(li->username); if (pw == NULL) { - fatal("%s: Cannot find user \"%s\"", __func__, + fatal("%s: Cannot find user \"%s\"", __func__, li->username); } li->uid = pw->pw_uid; @@ -374,7 +374,7 @@ login_init_entry(struct logininfo *li, int pid, const char *username, return (1); } -/* +/* * login_set_current_time(struct logininfo *) - set the current time * * Set the current time in a logininfo structure. This function is @@ -443,7 +443,7 @@ login_write(struct logininfo *li) wtmpx_write_entry(li); #endif #ifdef CUSTOM_SYS_AUTH_RECORD_LOGIN - if (li->type == LTYPE_LOGIN && + if (li->type == LTYPE_LOGIN && !sys_auth_record_login(li->username,li->hostname,li->line, &loginmsg)) logit("Writing login record failed for %s", li->username); #endif @@ -558,7 +558,7 @@ line_stripname(char *dst, const char *src, int dstsize) return (dst); } -/* +/* * line_abbrevname(): Return the abbreviated (usually four-character) * form of the line (Just use the last characters of the * full name.) @@ -808,7 +808,7 @@ utmp_write_library(struct logininfo *li, struct utmp *ut) } # else /* UTMP_USE_LIBRARY */ -/* +/* * Write a utmp entry direct to the file * This is a slightly modification of code in OpenBSD's login.c */ @@ -852,7 +852,7 @@ utmp_write_direct(struct logininfo *li, struct utmp *ut) return (0); } if (ret != pos) { - logit("%s: Couldn't seek to tty %d slot in %s", + logit("%s: Couldn't seek to tty %d slot in %s", __func__, tty, UTMP_FILE); return (0); } @@ -1052,7 +1052,7 @@ utmpx_write_entry(struct logininfo *li) #ifdef USE_WTMP -/* +/* * Write a wtmp entry direct to the end of the file * This is a slight modification of code in OpenBSD's logwtmp.c */ @@ -1113,7 +1113,7 @@ wtmp_write_entry(struct logininfo *li) } -/* +/* * Notes on fetching login data from wtmp/wtmpx * * Logouts are usually recorded with (amongst other things) a blank @@ -1157,12 +1157,12 @@ wtmp_get_entry(struct logininfo *li) li->tv_sec = li->tv_usec = 0; if ((fd = open(WTMP_FILE, O_RDONLY)) < 0) { - logit("%s: problem opening %s: %s", __func__, + logit("%s: problem opening %s: %s", __func__, WTMP_FILE, strerror(errno)); return (0); } if (fstat(fd, &st) != 0) { - logit("%s: couldn't stat %s: %s", __func__, + logit("%s: couldn't stat %s: %s", __func__, WTMP_FILE, strerror(errno)); close(fd); return (0); @@ -1177,7 +1177,7 @@ wtmp_get_entry(struct logininfo *li) while (!found) { if (atomicio(read, fd, &ut, sizeof(ut)) != sizeof(ut)) { - logit("%s: read of %s failed: %s", __func__, + logit("%s: read of %s failed: %s", __func__, WTMP_FILE, strerror(errno)); close (fd); return (0); @@ -1235,7 +1235,7 @@ wtmpx_write(struct logininfo *li, struct utmpx *utx) int fd, ret = 1; if ((fd = open(WTMPX_FILE, O_WRONLY|O_APPEND, 0)) < 0) { - logit("%s: problem opening %s: %s", __func__, + logit("%s: problem opening %s: %s", __func__, WTMPX_FILE, strerror(errno)); return (0); } @@ -1322,12 +1322,12 @@ wtmpx_get_entry(struct logininfo *li) li->tv_sec = li->tv_usec = 0; if ((fd = open(WTMPX_FILE, O_RDONLY)) < 0) { - logit("%s: problem opening %s: %s", __func__, + logit("%s: problem opening %s: %s", __func__, WTMPX_FILE, strerror(errno)); return (0); } if (fstat(fd, &st) != 0) { - logit("%s: couldn't stat %s: %s", __func__, + logit("%s: couldn't stat %s: %s", __func__, WTMPX_FILE, strerror(errno)); close(fd); return (0); @@ -1342,13 +1342,13 @@ wtmpx_get_entry(struct logininfo *li) while (!found) { if (atomicio(read, fd, &utx, sizeof(utx)) != sizeof(utx)) { - logit("%s: read of %s failed: %s", __func__, + logit("%s: read of %s failed: %s", __func__, WTMPX_FILE, strerror(errno)); close (fd); return (0); } /* - * Logouts are recorded as a blank username on a particular + * Logouts are recorded as a blank username on a particular * line. So, we just need to find the username in struct utmpx */ if (wtmpx_islogin(li, &utx)) { diff --git a/ssh-rand-helper.c b/ssh-rand-helper.c index aab51fdf7..5486a4632 100644 --- a/ssh-rand-helper.c +++ b/ssh-rand-helper.c @@ -39,7 +39,7 @@ #include "pathnames.h" #include "log.h" -RCSID("$Id: ssh-rand-helper.c,v 1.24 2005/06/19 00:19:44 djm Exp $"); +RCSID("$Id: ssh-rand-helper.c,v 1.25 2005/07/17 07:04:47 djm Exp $"); /* Number of bytes we write out */ #define OUTPUT_SEED_SIZE 48 @@ -600,7 +600,7 @@ prng_write_seedfile(void) save_errno = errno; unlink(tmpseed); fatal("problem renaming PRNG seedfile from %.100s " - "to %.100s (%.100s)", tmpseed, filename, + "to %.100s (%.100s)", tmpseed, filename, strerror(save_errno)); } } diff --git a/sshd.c b/sshd.c index b0d65575f..40da37513 100644 --- a/sshd.c +++ b/sshd.c @@ -1034,7 +1034,7 @@ main(int ac, char **av) /* * Unset KRB5CCNAME, otherwise the user's session may inherit it from * root's environment - */ + */ if (getenv("KRB5CCNAME") != NULL) unsetenv("KRB5CCNAME"); -- cgit v1.2.3 From 37294fb6307202e6f52d7046b3ddb56a4786d27f Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sun, 17 Jul 2005 17:18:49 +1000 Subject: - (djm) [auth-pam.c sftp.c] spaces vs. tabs at start of line --- ChangeLog | 3 ++- auth-pam.c | 10 +++++----- sftp.c | 8 ++++---- 3 files changed, 11 insertions(+), 10 deletions(-) (limited to 'auth-pam.c') diff --git a/ChangeLog b/ChangeLog index 774cf1a97..647ad0160 100644 --- a/ChangeLog +++ b/ChangeLog @@ -7,6 +7,7 @@ - (djm) [acss.c auth-pam.c auth-shadow.c auth-skey.c auth1.c canohost.c] [cipher-acss.c loginrec.c ssh-rand-helper.c sshd.c] Fix whitespace at EOL in portable too ("perl -p -i -e 's/\s+$/\n/' *.[ch]") + - (djm) [auth-pam.c sftp.c] spaces vs. tabs at start of line 20050716 - (dtucker) [auth-pam.c] Ensure that only one side of the authentication @@ -2840,4 +2841,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3848 2005/07/17 07:04:47 djm Exp $ +$Id: ChangeLog,v 1.3849 2005/07/17 07:18:49 djm Exp $ diff --git a/auth-pam.c b/auth-pam.c index 4a2841924..0446cd559 100644 --- a/auth-pam.c +++ b/auth-pam.c @@ -47,7 +47,7 @@ /* Based on $FreeBSD: src/crypto/openssh/auth2-pam-freebsd.c,v 1.11 2003/03/31 13:48:18 des Exp $ */ #include "includes.h" -RCSID("$Id: auth-pam.c,v 1.125 2005/07/17 07:04:47 djm Exp $"); +RCSID("$Id: auth-pam.c,v 1.126 2005/07/17 07:18:50 djm Exp $"); #ifdef USE_PAM #if defined(HAVE_SECURITY_PAM_APPL_H) @@ -130,7 +130,7 @@ sshpam_sigchld_handler(int sig) if (cleanup_ctxt == NULL) return; /* handler called after PAM cleanup, shouldn't happen */ if (waitpid(cleanup_ctxt->pam_thread, &sshpam_thread_status, WNOHANG) - <= 0) { + <= 0) { /* PAM thread has not exitted, privsep slave must have */ kill(cleanup_ctxt->pam_thread, SIGTERM); if (waitpid(cleanup_ctxt->pam_thread, &sshpam_thread_status, 0) @@ -780,7 +780,7 @@ sshpam_respond(void *ctx, u_int num, char **resp) buffer_init(&buffer); if (sshpam_authctxt->valid && (sshpam_authctxt->pw->pw_uid != 0 || - options.permit_root_login == PERMIT_YES)) + options.permit_root_login == PERMIT_YES)) buffer_put_cstring(&buffer, *resp); else buffer_put_cstring(&buffer, badpw); @@ -1144,7 +1144,7 @@ sshpam_auth_passwd(Authctxt *authctxt, const char *password) * information via timing (eg if the PAM config has a delay on fail). */ if (!authctxt->valid || (authctxt->pw->pw_uid == 0 && - options.permit_root_login != PERMIT_YES)) + options.permit_root_login != PERMIT_YES)) sshpam_password = badpw; sshpam_err = pam_set_item(sshpam_handle, PAM_CONV, @@ -1158,7 +1158,7 @@ sshpam_auth_passwd(Authctxt *authctxt, const char *password) if (sshpam_err == PAM_SUCCESS && authctxt->valid) { debug("PAM: password authentication accepted for %.100s", authctxt->user); - return 1; + return 1; } else { debug("PAM: password authentication failed for %.100s: %s", authctxt->valid ? authctxt->user : "an illegal user", diff --git a/sftp.c b/sftp.c index a77be84c6..6dff39ede 100644 --- a/sftp.c +++ b/sftp.c @@ -1299,8 +1299,8 @@ interactive_loop(int fd_in, int fd_out, char *file1, char *file2) setvbuf(stdout, NULL, _IOLBF, 0); setvbuf(infile, NULL, _IOLBF, 0); #else - setlinebuf(stdout); - setlinebuf(infile); + setlinebuf(stdout); + setlinebuf(infile); #endif err = 0; @@ -1562,8 +1562,8 @@ main(int argc, char **argv) err = interactive_loop(in, out, file1, file2); #if !defined(USE_PIPES) - shutdown(in, SHUT_RDWR); - shutdown(out, SHUT_RDWR); + shutdown(in, SHUT_RDWR); + shutdown(out, SHUT_RDWR); #endif close(in); -- cgit v1.2.3