From cc7c212830e3f5adabe1996e6b498f01e963cfee Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Thu, 2 Feb 2006 18:44:19 +1100 Subject: - (dtucker) [configure.ac] Bug #1148: Fix "crippled AES" test so that it works with picky compilers. Patch from alex.kiernan at thus.net. --- configure.ac | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'configure.ac') diff --git a/configure.ac b/configure.ac index 70e26deea..6b5ec8636 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.322 2006/01/29 13:22:39 dtucker Exp $ +# $Id: configure.ac,v 1.323 2006/02/02 07:44:19 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -1832,7 +1832,7 @@ AC_COMPILE_IFELSE( [AC_LANG_SOURCE([[ #include #include -int main(void) { exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL)} +int main(void) { exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);} ]])], [ AC_MSG_RESULT(no) -- cgit v1.2.3 From fd80ddcb2349e2ac28f4fc6f682c20c8d1dc06ad Mon Sep 17 00:00:00 2001 From: Tim Rice Date: Thu, 2 Feb 2006 19:11:56 -0800 Subject: - (tim) [configure.ac] test for egrep (AC_PROG_EGREP) before first AC_CHECK_HEADERS test. Without it, if AC_CHECK_HEADERS is first run by a platform specific check, builtin standard includes tests will be skipped on the other platforms. Analysis and suggestion by vinschen at redhat.com, patch by dtucker@. OK tim@, djm@. --- ChangeLog | 10 +++++++++- configure.ac | 3 ++- 2 files changed, 11 insertions(+), 2 deletions(-) (limited to 'configure.ac') diff --git a/ChangeLog b/ChangeLog index 8943f0e96..e99ae9d5d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,11 @@ +20060203 + - (tim) [configure.ac] test for egrep (AC_PROG_EGREP) before first + AC_CHECK_HEADERS test. Without it, if AC_CHECK_HEADERS is first run + by a platform specific check, builtin standard includes tests will be + skipped on the other platforms. + Analysis and suggestion by vinschen at redhat.com, patch by dtucker@. + OK tim@, djm@. + 20060202 - (dtucker) [configure.ac] Bug #1148: Fix "crippled AES" test so that it works with picky compilers. Patch from alex.kiernan at thus.net. @@ -3822,4 +3830,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4119 2006/02/02 07:44:19 dtucker Exp $ +$Id: ChangeLog,v 1.4120 2006/02/03 03:11:56 tim Exp $ diff --git a/configure.ac b/configure.ac index 6b5ec8636..fe034aca6 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.323 2006/02/02 07:44:19 dtucker Exp $ +# $Id: configure.ac,v 1.324 2006/02/03 03:11:56 tim Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -27,6 +27,7 @@ AC_PROG_AWK AC_PROG_CPP AC_PROG_RANLIB AC_PROG_INSTALL +AC_PROG_EGREP AC_PATH_PROG(AR, ar) AC_PATH_PROG(CAT, cat) AC_PATH_PROG(KILL, kill) -- cgit v1.2.3 From 0daad78fab0ff6b6b4064e3e7a5090d258d945a8 Mon Sep 17 00:00:00 2001 From: Tim Rice Date: Sat, 4 Feb 2006 17:33:55 -0800 Subject: - (tim) [configure.ac] Add AC_REVISION. Add sys/time.h to lastlog.h test for Solaris. OK dtucker@. --- ChangeLog | 6 +++++- configure.ac | 11 +++++++++-- 2 files changed, 14 insertions(+), 3 deletions(-) (limited to 'configure.ac') diff --git a/ChangeLog b/ChangeLog index e99ae9d5d..10fea4e89 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +20060205 + - (tim) [configure.ac] Add AC_REVISION. Add sys/time.h to lastlog.h test + for Solaris. OK dtucker@. + 20060203 - (tim) [configure.ac] test for egrep (AC_PROG_EGREP) before first AC_CHECK_HEADERS test. Without it, if AC_CHECK_HEADERS is first run @@ -3830,4 +3834,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4120 2006/02/03 03:11:56 tim Exp $ +$Id: ChangeLog,v 1.4121 2006/02/05 01:33:55 tim Exp $ diff --git a/configure.ac b/configure.ac index fe034aca6..d64daf219 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.324 2006/02/03 03:11:56 tim Exp $ +# $Id: configure.ac,v 1.325 2006/02/05 01:33:55 tim Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,6 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) +AC_REVISION($Revision: 1.325 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -673,7 +674,6 @@ AC_CHECK_HEADERS( \ glob.h \ ia.h \ iaf.h \ - lastlog.h \ limits.h \ login.h \ login_cap.h \ @@ -724,6 +724,13 @@ AC_CHECK_HEADERS( \ vis.h \ ) +# lastlog.h requires sys/time.h to be included first on Solaris +AC_CHECK_HEADERS(lastlog.h, [], [], [ +#ifdef HAVE_SYS_TIME_H +# include +#endif +]) + # sys/ptms.h requires sys/stream.h to be included first on Solaris AC_CHECK_HEADERS(sys/ptms.h, [], [], [ #ifdef HAVE_SYS_STREAM_H -- cgit v1.2.3 From 70335a6b5f54b9e9e2460cb22957c872d7eca5fb Mon Sep 17 00:00:00 2001 From: Tim Rice Date: Sat, 4 Feb 2006 17:42:58 -0800 Subject: - (tim) [configure.ac] Bug #1149. Changes in QNX section only. Patch by kraai at ftbfs.org. --- ChangeLog | 4 +++- configure.ac | 7 ++++--- 2 files changed, 7 insertions(+), 4 deletions(-) (limited to 'configure.ac') diff --git a/ChangeLog b/ChangeLog index 10fea4e89..61faee92e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,8 @@ 20060205 - (tim) [configure.ac] Add AC_REVISION. Add sys/time.h to lastlog.h test for Solaris. OK dtucker@. + - (tim) [configure.ac] Bug #1149. Changes in QNX section only. Patch by + kraai at ftbfs.org. 20060203 - (tim) [configure.ac] test for egrep (AC_PROG_EGREP) before first @@ -3834,4 +3836,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4121 2006/02/05 01:33:55 tim Exp $ +$Id: ChangeLog,v 1.4122 2006/02/05 01:42:58 tim Exp $ diff --git a/configure.ac b/configure.ac index d64daf219..8c6551453 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.325 2006/02/05 01:33:55 tim Exp $ +# $Id: configure.ac,v 1.326 2006/02/05 01:42:58 tim Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.325 $) +AC_REVISION($Revision: 1.326 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -577,12 +577,13 @@ mips-sony-bsd|mips-sony-newsos4) AC_DEFINE(BROKEN_SETREGID) ;; -*-*-nto-qnx) +*-*-nto-qnx*) AC_DEFINE(USE_PIPES) AC_DEFINE(NO_X11_UNIX_SOCKETS) AC_DEFINE(MISSING_NFDBITS, 1, [Define on *nto-qnx systems]) AC_DEFINE(MISSING_HOWMANY, 1, [Define on *nto-qnx systems]) AC_DEFINE(MISSING_FD_MASK, 1, [Define on *nto-qnx systems]) + AC_DEFINE(DISABLE_LASTLOG) ;; *-*-ultrix*) -- cgit v1.2.3 From ac9b0609e17e36fec8fc4d4bc8f805696fbffc08 Mon Sep 17 00:00:00 2001 From: Tim Rice Date: Sun, 5 Feb 2006 11:27:10 -0800 Subject: - (tim) [configure.ac] Remove unnecessary tests for net/if.h and netinet/in_systm.h. OK dtucker@. --- ChangeLog | 6 +++++- configure.ac | 6 ++---- 2 files changed, 7 insertions(+), 5 deletions(-) (limited to 'configure.ac') diff --git a/ChangeLog b/ChangeLog index 61faee92e..3fce05b78 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +20060206 + - (tim) [configure.ac] Remove unnecessary tests for net/if.h and + netinet/in_systm.h. OK dtucker@. + 20060205 - (tim) [configure.ac] Add AC_REVISION. Add sys/time.h to lastlog.h test for Solaris. OK dtucker@. @@ -3836,4 +3840,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4122 2006/02/05 01:42:58 tim Exp $ +$Id: ChangeLog,v 1.4123 2006/02/05 19:27:10 tim Exp $ diff --git a/configure.ac b/configure.ac index 8c6551453..f27320e56 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.326 2006/02/05 01:42:58 tim Exp $ +# $Id: configure.ac,v 1.327 2006/02/05 19:27:10 tim Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.326 $) +AC_REVISION($Revision: 1.327 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -680,10 +680,8 @@ AC_CHECK_HEADERS( \ login_cap.h \ maillock.h \ ndir.h \ - net/if.h \ netdb.h \ netgroup.h \ - netinet/in_systm.h \ pam/pam_appl.h \ paths.h \ pty.h \ -- cgit v1.2.3 From 988b3fd161e678c7efc5a9974b51ecc3e2ad8a7b Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Wed, 8 Feb 2006 22:11:27 +1100 Subject: - (dtucker) [configure.ac] Typo in Ultrix and NewsOS sections (NEED_SETPRGP -> NEED_SETPGRP), reported by Berhard Simon. ok tim@ --- ChangeLog | 4 +++- configure.ac | 8 ++++---- 2 files changed, 7 insertions(+), 5 deletions(-) (limited to 'configure.ac') diff --git a/ChangeLog b/ChangeLog index 19734bdc6..357d7a8cf 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,6 +2,8 @@ - (tim) [session.c] Logout records were not updated on systems with post auth privsep disabled due to bug 1086 changes. Analysis and patch by vinschen at redhat.com. OK tim@, dtucker@. + - (dtucker) [configure.ac] Typo in Ultrix and NewsOS sections (NEED_SETPRGP + -> NEED_SETPGRP), reported by Berhard Simon. ok tim@ 20060206 - (tim) [configure.ac] Remove unnecessary tests for net/if.h and @@ -3845,4 +3847,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4124 2006/02/07 23:17:44 tim Exp $ +$Id: ChangeLog,v 1.4125 2006/02/08 11:11:27 dtucker Exp $ diff --git a/configure.ac b/configure.ac index f27320e56..ca381c770 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.327 2006/02/05 19:27:10 tim Exp $ +# $Id: configure.ac,v 1.328 2006/02/08 11:11:28 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.327 $) +AC_REVISION($Revision: 1.328 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -345,7 +345,7 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) fi ;; mips-sony-bsd|mips-sony-newsos4) - AC_DEFINE(NEED_SETPRGP, 1, [Need setpgrp to acquire controlling tty]) + AC_DEFINE(NEED_SETPGRP, 1, [Need setpgrp to acquire controlling tty]) SONY=1 ;; *-*-netbsd*) @@ -589,7 +589,7 @@ mips-sony-bsd|mips-sony-newsos4) *-*-ultrix*) AC_DEFINE(BROKEN_GETGROUPS, 1, [getgroups(0,NULL) will return -1]) AC_DEFINE(BROKEN_MMAP, 1, [Ultrix mmap can't map files]) - AC_DEFINE(NEED_SETPRGP) + AC_DEFINE(NEED_SETPGRP) AC_DEFINE(HAVE_SYS_SYSLOG_H, 1, [Force use of sys/syslog.h on Ultrix]) ;; -- cgit v1.2.3 From 2f993465d4584c1eb188e02fde1f0da9dbb4fc88 Mon Sep 17 00:00:00 2001 From: Tim Rice Date: Sat, 11 Feb 2006 18:37:48 -0800 Subject: - (tim) [configure.ac] Bug #1149. Disable /etc/default/login check for QNX. --- ChangeLog | 3 ++- configure.ac | 5 +++-- 2 files changed, 5 insertions(+), 3 deletions(-) (limited to 'configure.ac') diff --git a/ChangeLog b/ChangeLog index 969180384..b60041f59 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,7 @@ 20060212 - (dtucker) [openbsd-compat/bsd-cygwin_util.c] Make loop counter unsigned to silence compiler warning, from vinschen at redhat.com. + - (tim) [configure.ac] Bug #1149. Disable /etc/default/login check for QNX. 20060208 - (tim) [session.c] Logout records were not updated on systems with @@ -3851,4 +3852,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4126 2006/02/12 00:59:08 dtucker Exp $ +$Id: ChangeLog,v 1.4127 2006/02/12 02:37:48 tim Exp $ diff --git a/configure.ac b/configure.ac index ca381c770..7fcca216a 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.328 2006/02/08 11:11:28 dtucker Exp $ +# $Id: configure.ac,v 1.329 2006/02/12 02:37:48 tim Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.328 $) +AC_REVISION($Revision: 1.329 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -584,6 +584,7 @@ mips-sony-bsd|mips-sony-newsos4) AC_DEFINE(MISSING_HOWMANY, 1, [Define on *nto-qnx systems]) AC_DEFINE(MISSING_FD_MASK, 1, [Define on *nto-qnx systems]) AC_DEFINE(DISABLE_LASTLOG) + enable_etc_default_login=no # has incompatible /etc/default/login ;; *-*-ultrix*) -- cgit v1.2.3 From 4881c371cef5e3c1065d7dfa314fffc3a5ab0256 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sun, 19 Feb 2006 22:50:20 +1100 Subject: - (dtucker) [Makefile.in configure.ac, added openbsd-compat/regress/] Add first attempt at regress tests for compat library. ok djm@ --- ChangeLog | 6 ++- Makefile.in | 5 ++- configure.ac | 6 +-- openbsd-compat/regress/Makefile.in | 39 +++++++++++++++++++ openbsd-compat/regress/snprintftest.c | 72 +++++++++++++++++++++++++++++++++++ openbsd-compat/regress/strduptest.c | 42 ++++++++++++++++++++ openbsd-compat/regress/strtonumtest.c | 66 ++++++++++++++++++++++++++++++++ 7 files changed, 231 insertions(+), 5 deletions(-) create mode 100644 openbsd-compat/regress/Makefile.in create mode 100644 openbsd-compat/regress/snprintftest.c create mode 100644 openbsd-compat/regress/strduptest.c create mode 100644 openbsd-compat/regress/strtonumtest.c (limited to 'configure.ac') diff --git a/ChangeLog b/ChangeLog index fd1d9d2ba..67369376f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +20060219 + - (dtucker) [Makefile.in configure.ac, added openbsd-compat/regress/] + Add first attempt at regress tests for compat library. ok djm@ + 20060214 - (tim) [buildpkg.sh.in] Make the names consistent. s/pkg_post_make_install_fixes.sh/pkg-post-make-install-fixes.sh/ OK dtucker@ @@ -3859,4 +3863,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4129 2006/02/13 20:46:44 tim Exp $ +$Id: ChangeLog,v 1.4130 2006/02/19 11:50:20 dtucker Exp $ diff --git a/Makefile.in b/Makefile.in index af881c521..1baffb4df 100644 --- a/Makefile.in +++ b/Makefile.in @@ -1,4 +1,4 @@ -# $Id: Makefile.in,v 1.274 2006/01/01 08:47:05 djm Exp $ +# $Id: Makefile.in,v 1.275 2006/02/19 11:50:20 dtucker Exp $ # uncomment if you run a non bourne compatable shell. Ie. csh #SHELL = @SH@ @@ -410,6 +410,9 @@ tests: $(TARGETS) EXEEXT="$(EXEEXT)" \ $@ +compat-tests: $(LIBCOMPAT) + (cd openbsd-compat/regress && $(MAKE)) + regressclean: if [ -f regress/Makefile ] && [ -r regress/Makefile ]; then \ (cd regress && $(MAKE) clean) \ diff --git a/configure.ac b/configure.ac index 7fcca216a..c4feaf752 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.329 2006/02/12 02:37:48 tim Exp $ +# $Id: configure.ac,v 1.330 2006/02/19 11:50:20 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.329 $) +AC_REVISION($Revision: 1.330 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -3729,7 +3729,7 @@ CFLAGS="$CFLAGS $werror_flags" AC_EXEEXT AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openbsd-compat/Makefile \ - scard/Makefile ssh_prng_cmds survey.sh]) + openbsd-compat/regress/Makefile scard/Makefile ssh_prng_cmds survey.sh]) AC_OUTPUT # Print summary of options diff --git a/openbsd-compat/regress/Makefile.in b/openbsd-compat/regress/Makefile.in new file mode 100644 index 000000000..51383a777 --- /dev/null +++ b/openbsd-compat/regress/Makefile.in @@ -0,0 +1,39 @@ +# $Id: Makefile.in,v 1.1 2006/02/19 11:50:20 dtucker Exp $ + +sysconfdir=@sysconfdir@ +piddir=@piddir@ +srcdir=@srcdir@ +top_srcdir=@top_srcdir@ + +VPATH=@srcdir@ +CC=@CC@ +LD=@LD@ +CFLAGS=@CFLAGS@ +CPPFLAGS=-I. -I.. -I$(srcdir) -I$(srcdir)/.. @CPPFLAGS@ @DEFS@ +LIBS=@LIBS@ +LDFLAGS=-L.. -lopenbsd-compat @LDFLAGS@ + +LIBCOMPAT=../libopenbsd-compat.a +TESTPROGS=strtonumtest strduptest snprintftest + +all: t-exec ${OTHERTESTS} + +t-exec: $(TESTPROGS) + @echo running compat regress tests + @for TEST in ""$?; do \ + echo "run test $${TEST}" ... 1>&2; \ + ./$${TEST} || exit $$? ; \ + done + @echo finished compat regress tests + +strtonumtest: strtonumtest.c $(LIBCOMPAT) + $(CC) $(CFLAGS) $(CPPFLAGS) -o strtonumtest $< $(LDFLAGS) + +strduptest: strduptest.c $(LIBCOMPAT) + $(CC) $(CFLAGS) $(CPPFLAGS) -o strduptest $< $(LDFLAGS) + +clean: + rm -f *.o *.a core $(TESTPROGS) valid.out + +distclean: clean + rm -f Makefile *~ diff --git a/openbsd-compat/regress/snprintftest.c b/openbsd-compat/regress/snprintftest.c new file mode 100644 index 000000000..e25bf223f --- /dev/null +++ b/openbsd-compat/regress/snprintftest.c @@ -0,0 +1,72 @@ +/* + * Copyright (c) 2005 Darren Tucker + * Copyright (c) 2005 Damien Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#define BUFSZ 2048 + +#include +#include +#include +#include + +static int failed = 0; + +static void +fail(const char *m) +{ + fprintf(stderr, "%s", m); + failed = 1; +} + +int x_snprintf(char *str, size_t count, const char *fmt, ...) +{ + size_t ret; + va_list ap; + + va_start(ap, fmt); + ret = vsnprintf(str, count, fmt, ap); + va_end(ap); + return ret; +} + +int +main(void) +{ + char b[5]; + char *src; + + snprintf(b,5,"123456789"); + if (b[4] != '\0') + fail("snprintf does not correctly terminate long strings"); + + /* check for read overrun on unterminated string */ + if ((src = malloc(BUFSZ)) == NULL) { + fail("malloc failed"); + } else { + memset(src, 'a', BUFSZ); + snprintf(b, sizeof(b), "%.*s", 1, src); + if (strcmp(b, "a") != 0) + fail("failed with length limit '%%.s'"); + } + + /* check that snprintf and vsnprintf return sane values */ + if (snprintf(b, 1, "%s %d", "hello", 12345) != 11) + fail("snprintf does not return required length"); + if (x_snprintf(b, 1, "%s %d", "hello", 12345) != 11) + fail("vsnprintf does not return required length"); + + return failed; +} diff --git a/openbsd-compat/regress/strduptest.c b/openbsd-compat/regress/strduptest.c new file mode 100644 index 000000000..664a48ef4 --- /dev/null +++ b/openbsd-compat/regress/strduptest.c @@ -0,0 +1,42 @@ +/* + * Copyright (c) 2005 Darren Tucker + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +static int fail = 0; + +void +test(const char *a) +{ + char *b; + + b = strdup(a); + if (b == 0) { + fail = 1; + return; + } + if (strcmp(a, b) != 0) + fail = 1; + free(b); +} + +int +main(void) +{ + test(""); + test("a"); + test("\0"); + test("abcdefghijklmnopqrstuvwxyz"); + return fail; +} diff --git a/openbsd-compat/regress/strtonumtest.c b/openbsd-compat/regress/strtonumtest.c new file mode 100644 index 000000000..cb8585129 --- /dev/null +++ b/openbsd-compat/regress/strtonumtest.c @@ -0,0 +1,66 @@ +/* $OpenBSD: strtonumtest.c,v 1.1 2004/08/03 20:38:36 otto Exp $ */ +/* + * Copyright (c) 2004 Otto Moerbeek + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* OPENBSD ORIGINAL: regress/lib/libc/strtonum/strtonumtest.c */ + +#include +#include +#include + +int fail; + +void +test(const char *p, long long lb, long long ub, int ok) +{ + long long val; + const char *q; + + val = strtonum(p, lb, ub, &q); + if (ok && q != NULL) { + fprintf(stderr, "%s [%lld-%lld] ", p, lb, ub); + fprintf(stderr, "NUMBER NOT ACCEPTED %s\n", q); + fail = 1; + } else if (!ok && q == NULL) { + fprintf(stderr, "%s [%lld-%lld] %lld ", p, lb, ub, val); + fprintf(stderr, "NUMBER ACCEPTED\n"); + fail = 1; + } +} + +int main(int argc, char *argv[]) +{ + test("1", 0, 10, 1); + test("0", -2, 5, 1); + test("0", 2, 5, 0); + test("0", 2, LLONG_MAX, 0); + test("-2", 0, LLONG_MAX, 0); + test("0", -5, LLONG_MAX, 1); + test("-3", -3, LLONG_MAX, 1); + test("-9223372036854775808", LLONG_MIN, LLONG_MAX, 1); + test("9223372036854775807", LLONG_MIN, LLONG_MAX, 1); + test("-9223372036854775809", LLONG_MIN, LLONG_MAX, 0); + test("9223372036854775808", LLONG_MIN, LLONG_MAX, 0); + test("1000000000000000000000000", LLONG_MIN, LLONG_MAX, 0); + test("-1000000000000000000000000", LLONG_MIN, LLONG_MAX, 0); + test("-2", 10, -1, 0); + test("-2", -10, -1, 1); + test("-20", -10, -1, 0); + test("20", -10, -1, 0); + + return (fail); +} + -- cgit v1.2.3 From fabdb6c29022846ed10fde235db0a7c53f21a6b1 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 20 Feb 2006 20:17:35 +1100 Subject: - (dtucker) [INSTALL configure.ac openbsd-compat/openssl-compat.{c,h}] Add optional enabling of OpenSSL's (hardware) Engine support, via configure --with-ssl-engine. Based in part on a diff by michal at logix.cz. --- ChangeLog | 8 +++++++- INSTALL | 4 +++- configure.ac | 22 ++++++++++++++++++++-- openbsd-compat/openssl-compat.c | 20 ++++++++++++++++++-- openbsd-compat/openssl-compat.h | 15 ++++++++------- 5 files changed, 56 insertions(+), 13 deletions(-) (limited to 'configure.ac') diff --git a/ChangeLog b/ChangeLog index 67369376f..2c0bd1e9d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +20060220 + - (dtucker) [INSTALL configure.ac openbsd-compat/openssl-compat.{c,h}] + Add optional enabling of OpenSSL's (hardware) Engine support, via + configure --with-ssl-engine. Based in part on a diff by michal at + logix.cz. + 20060219 - (dtucker) [Makefile.in configure.ac, added openbsd-compat/regress/] Add first attempt at regress tests for compat library. ok djm@ @@ -3863,4 +3869,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4130 2006/02/19 11:50:20 dtucker Exp $ +$Id: ChangeLog,v 1.4131 2006/02/20 09:17:35 dtucker Exp $ diff --git a/INSTALL b/INSTALL index 753d2d061..38f39473f 100644 --- a/INSTALL +++ b/INSTALL @@ -165,6 +165,8 @@ created. --with-ssl-dir=DIR allows you to specify where your OpenSSL libraries are installed. +--with-ssl-engine enables OpenSSL's (hardware) ENGINE support + --with-4in6 Check for IPv4 in IPv6 mapped addresses and convert them to real (AF_INET) IPv4 addresses. Works around some quirks on Linux. @@ -225,4 +227,4 @@ Please refer to the "reporting bugs" section of the webpage at http://www.openssh.com/ -$Id: INSTALL,v 1.70 2005/04/24 07:52:23 dtucker Exp $ +$Id: INSTALL,v 1.71 2006/02/20 09:17:36 dtucker Exp $ diff --git a/configure.ac b/configure.ac index c4feaf752..eb24fa00e 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.330 2006/02/19 11:50:20 dtucker Exp $ +# $Id: configure.ac,v 1.331 2006/02/20 09:17:36 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.330 $) +AC_REVISION($Revision: 1.331 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -1834,6 +1834,24 @@ Also see contrib/findssl.sh for help identifying header/library mismatches.]) ] ) +AC_ARG_WITH(ssl-engine, + [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ], + [ if test "x$withval" != "xno" ; then + AC_MSG_CHECKING(for OpenSSL ENGINE support) + AC_TRY_COMPILE( + [ #include ], + [ +int main(void){ENGINE_load_builtin_engines();ENGINE_register_all_complete();} + ], + [ AC_MSG_RESULT(yes) + AC_DEFINE(USE_OPENSSL_ENGINE, 1, + [Enable OpenSSL engine support]) + ], + [ AC_MSG_ERROR(OpenSSL ENGINE support not found)] + ) + fi ] +) + # Check for OpenSSL without EVP_aes_{192,256}_cbc AC_MSG_CHECKING([whether OpenSSL has crippled AES support]) AC_COMPILE_IFELSE( diff --git a/openbsd-compat/openssl-compat.c b/openbsd-compat/openssl-compat.c index b690e8fe6..763f84734 100644 --- a/openbsd-compat/openssl-compat.c +++ b/openbsd-compat/openssl-compat.c @@ -1,4 +1,4 @@ -/* $Id: openssl-compat.c,v 1.2 2005/06/17 11:15:21 dtucker Exp $ */ +/* $Id: openssl-compat.c,v 1.3 2006/02/20 09:17:36 dtucker Exp $ */ /* * Copyright (c) 2005 Darren Tucker @@ -18,7 +18,11 @@ #include "includes.h" -#define SSH_DONT_REDEF_EVP +#ifdef USE_OPENSSL_ENGINE +# include +#endif + +#define SSH_DONT_OVERLOAD_OPENSSL_FUNCS #include "openssl-compat.h" #ifdef SSH_OLD_EVP @@ -44,3 +48,15 @@ ssh_EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *evp) return 1; } #endif + +void +ssh_SSLeay_add_all_algorithms(void) +{ + SSLeay_add_all_algorithms(); + +#ifdef USE_OPENSSL_ENGINE + /* Enable use of crypto hardware */ + ENGINE_load_builtin_engines(); + ENGINE_register_all_complete(); +#endif +} diff --git a/openbsd-compat/openssl-compat.h b/openbsd-compat/openssl-compat.h index 8a015ec43..1196d71ea 100644 --- a/openbsd-compat/openssl-compat.h +++ b/openbsd-compat/openssl-compat.h @@ -1,4 +1,4 @@ -/* $Id: openssl-compat.h,v 1.3 2005/12/19 06:40:40 dtucker Exp $ */ +/* $Id: openssl-compat.h,v 1.4 2006/02/20 09:17:36 dtucker Exp $ */ /* * Copyright (c) 2005 Darren Tucker @@ -54,21 +54,22 @@ extern const EVP_CIPHER *evp_acss(void); * define SSH_DONT_OVERLOAD_OPENSSL_FUNCS before including this file and * implement the ssh_* equivalents. */ -#ifdef SSH_OLD_EVP - -# ifndef SSH_DONT_REDEF_EVP +#ifndef SSH_DONT_OVERLOAD_OPENSSL_FUNCS +# ifdef SSH_OLD_EVP # ifdef EVP_Cipher # undef EVP_Cipher # endif - # define EVP_CipherInit(a,b,c,d,e) ssh_EVP_CipherInit((a),(b),(c),(d),(e)) # define EVP_Cipher(a,b,c,d) ssh_EVP_Cipher((a),(b),(c),(d)) # define EVP_CIPHER_CTX_cleanup(a) ssh_EVP_CIPHER_CTX_cleanup((a)) -# endif +# endif /* SSH_OLD_EVP */ + +# define SSLeay_add_all_algorithms() ssh_SSLeay_add_all_algorithms() +void ssh_SSLeay_add_all_algorithms(void); int ssh_EVP_CipherInit(EVP_CIPHER_CTX *, const EVP_CIPHER *, unsigned char *, unsigned char *, int); int ssh_EVP_Cipher(EVP_CIPHER_CTX *, char *, char *, int); int ssh_EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *); -#endif +#endif /* SSH_DONT_OVERLOAD_OPENSSL_FUNCS */ -- cgit v1.2.3 From 54b75fe742c43aeaca7277a4c310eba43d057e4d Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sun, 26 Feb 2006 12:31:48 +1100 Subject: - (dtucker) [configure.ac] Bug #1156: QNX apparently needs SSHD_ACQUIRES_CTTY patch from kraai at ftbfs.org. --- ChangeLog | 10 +++++++--- configure.ac | 5 +++-- 2 files changed, 10 insertions(+), 5 deletions(-) (limited to 'configure.ac') diff --git a/ChangeLog b/ChangeLog index d7213862f..09d74de42 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,8 +1,12 @@ -2006023 +20060226 + - (dtucker) [configure.ac] Bug #1156: QNX apparently needs SSHD_ACQUIRES_CTTY + patch from kraai at ftbfs.org. + +20060223 - (dtucker) [sshd_config sshd_config.5] Update UsePAM to reflect current reality. Pointed out by tryponraj at gmail.com. -2006022 +20060222 - (dtucker) [openbsd-compat/openssl-compat.{c,h}] Minor tidy up: only compile in compat code if required. @@ -3881,4 +3885,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4134 2006/02/23 10:35:30 dtucker Exp $ +$Id: ChangeLog,v 1.4135 2006/02/26 01:31:48 dtucker Exp $ diff --git a/configure.ac b/configure.ac index eb24fa00e..0781d59fe 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.331 2006/02/20 09:17:36 dtucker Exp $ +# $Id: configure.ac,v 1.332 2006/02/26 01:31:49 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.331 $) +AC_REVISION($Revision: 1.332 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -584,6 +584,7 @@ mips-sony-bsd|mips-sony-newsos4) AC_DEFINE(MISSING_HOWMANY, 1, [Define on *nto-qnx systems]) AC_DEFINE(MISSING_FD_MASK, 1, [Define on *nto-qnx systems]) AC_DEFINE(DISABLE_LASTLOG) + AC_DEFINE(SSHD_ACQUIRES_CTTY) enable_etc_default_login=no # has incompatible /etc/default/login ;; -- cgit v1.2.3 From d1450dbe2ab1cc06fd54af265014dfcf68c08cc1 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 13 Mar 2006 19:06:51 +1100 Subject: - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong) since not all platforms support it. Instead, use internal equivalent while computing LLONG_MIN and LLONG_MAX. Remove special case for alpha-dec-osf* as it's no longer required. Tested by Bernhard Simon, ok djm@ --- ChangeLog | 8 +++++++- configure.ac | 53 +++++++++++++++++++++++++++++++++++++---------------- 2 files changed, 44 insertions(+), 17 deletions(-) (limited to 'configure.ac') diff --git a/ChangeLog b/ChangeLog index 76129a5e4..f95f561f8 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +20060313 + - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong) + since not all platforms support it. Instead, use internal equivalent while + computing LLONG_MIN and LLONG_MAX. Remove special case for alpha-dec-osf* + as it's no longer required. Tested by Bernhard Simon, ok djm@ + 20060304 - (dtucker) [contrib/cygwin/ssh-host-config] Require use of lastlog as a file rather than directory, required as Cygwin will be importing lastlog(1). @@ -3892,4 +3898,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4138 2006/03/03 22:00:19 dtucker Exp $ +$Id: ChangeLog,v 1.4139 2006/03/13 08:06:51 dtucker Exp $ diff --git a/configure.ac b/configure.ac index 0781d59fe..adef4f675 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.332 2006/02/26 01:31:49 dtucker Exp $ +# $Id: configure.ac,v 1.333 2006/03/13 08:06:51 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.332 $) +AC_REVISION($Revision: 1.333 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -2132,6 +2132,34 @@ if test -z "$have_llong_max"; then #define __USE_ISOC99 #include #define DATA "conftest.llminmax" +#define my_abs(a) ((a) < 0 ? ((a) * -1) : (a)) + +/* + * printf in libc on some platforms (eg old Tru64) does not understand %lld so + * we do this the hard way. + */ +static int +fprint_ll(FILE *f, long long n) +{ + unsigned int i; + int l[sizeof(long long) * 8]; + + if (n < 0) + if (fprintf(f, "-") < 0) + return -1; + for (i = 0; n != 0; i++) { + l[i] = my_abs(n % 10); + n /= 10; + } + do { + if (fprintf(f, "%d", l[--i]) < 0) + return -1; + } while (i != 0); + if (fprintf(f, " ") < 0) + return -1; + return 0; +} + int main(void) { FILE *f; long long i, llmin, llmax = 0; @@ -2153,14 +2181,18 @@ int main(void) { /* Sanity check */ if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax - || llmax - 1 > llmax) { + || llmax - 1 > llmax || llmin == llmax || llmin == 0 + || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) { fprintf(f, "unknown unknown\n"); exit(2); } - if (fprintf(f ,"%lld %lld", llmin, llmax) < 0) + if (fprint_ll(f, llmin) < 0) exit(3); - + if (fprint_ll(f, llmax) < 0) + exit(4); + if (fclose(f) < 0) + exit(5); exit(0); } ]])], @@ -2168,17 +2200,6 @@ int main(void) { llong_min=`$AWK '{print $1}' conftest.llminmax` llong_max=`$AWK '{print $2}' conftest.llminmax` - # snprintf on some Tru64s doesn't understand "%lld" - case "$host" in - alpha-dec-osf*) - if test "x$ac_cv_sizeof_long_long_int" = "x8" && - test "x$llong_max" = "xld"; then - llong_min="-9223372036854775808" - llong_max="9223372036854775807" - fi - ;; - esac - AC_MSG_RESULT($llong_max) AC_DEFINE_UNQUOTED(LLONG_MAX, [${llong_max}LL], [max value of long long calculated by configure]) -- cgit v1.2.3 From af87af165f25b7db22e32c0b2e55606bc68c450c Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 15 Mar 2006 13:02:28 +1100 Subject: - (djm) [configure.ac defines.h kex.c md-sha256.c] [openbsd-compat/sha2.h openbsd-compat/openbsd-compat.h] [openbsd-compat/sha2.c] First stab at portability glue for SHA256 KEX support, should work with libc SHA256 support or OpenSSL EVP_sha256 if present --- ChangeLog | 7 +- configure.ac | 15 +- defines.h | 18 +- kex.c | 4 + md-sha256.c | 7 +- openbsd-compat/openbsd-compat.h | 4 +- openbsd-compat/sha2.c | 876 ++++++++++++++++++++++++++++++++++++++++ openbsd-compat/sha2.h | 125 ++++++ openbsd-compat/xmmap.c | 4 +- 9 files changed, 1047 insertions(+), 13 deletions(-) create mode 100644 openbsd-compat/sha2.c create mode 100644 openbsd-compat/sha2.h (limited to 'configure.ac') diff --git a/ChangeLog b/ChangeLog index 3cd994f2c..db0a4f633 100644 --- a/ChangeLog +++ b/ChangeLog @@ -242,6 +242,11 @@ using the SHA256 code in libc (and wrapper to make it into an OpenSSL EVP), interop tested against CVS PuTTY NB. no portability bits committed yet + - (djm) [configure.ac defines.h kex.c md-sha256.c] + [openbsd-compat/sha2.h openbsd-compat/openbsd-compat.h] + [openbsd-compat/sha2.c] First stab at portability glue for SHA256 + KEX support, should work with libc SHA256 support or OpenSSL + EVP_sha256 if present 20060313 - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong) @@ -4143,4 +4148,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4207 2006/03/15 01:08:28 djm Exp $ +$Id: ChangeLog,v 1.4208 2006/03/15 02:02:28 djm Exp $ diff --git a/configure.ac b/configure.ac index adef4f675..160493f06 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.333 2006/03/13 08:06:51 dtucker Exp $ +# $Id: configure.ac,v 1.334 2006/03/15 02:02:28 djm Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.333 $) +AC_REVISION($Revision: 1.334 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -923,11 +923,9 @@ AC_EGREP_CPP(FOUNDIT, # Check for g.gl_matchc glob() extension AC_MSG_CHECKING(for gl_matchc field in glob_t) -AC_EGREP_CPP(FOUNDIT, - [ - #include - int main(void){glob_t g; g.gl_matchc = 1;} - ], +AC_TRY_COMPILE(FOUNDIT, + [ #include ], + [glob_t g; g.gl_matchc = 1;], [ AC_DEFINE(GLOB_HAS_GL_MATCHC, 1, [Define if your system glob() function has @@ -1883,6 +1881,9 @@ if test "x$check_for_libcrypt_later" = "x1"; then AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt") fi +# Search for SHA256 support in libc and/or OpenSSL +AC_CHECK_FUNCS(SHA256_Update EVP_sha256) + AC_CHECK_LIB(iaf, ia_openinfo) ### Configure cryptographic random number support diff --git a/defines.h b/defines.h index f25934176..9ecf18d5a 100644 --- a/defines.h +++ b/defines.h @@ -25,7 +25,7 @@ #ifndef _DEFINES_H #define _DEFINES_H -/* $Id: defines.h,v 1.130 2005/12/17 11:04:09 dtucker Exp $ */ +/* $Id: defines.h,v 1.131 2006/03/15 02:02:28 djm Exp $ */ /* Constants */ @@ -496,6 +496,22 @@ struct winsize { # define offsetof(type, member) ((size_t) &((type *)0)->member) #endif +/* Set up BSD-style BYTE_ORDER definition if it isn't there already */ +/* XXX: doesn't try to cope with strange byte orders (PDP_ENDIAN) */ +#ifndef BYTE_ORDER +# ifndef LITTLE_ENDIAN +# define LITTLE_ENDIAN 1234 +# endif /* LITTLE_ENDIAN */ +# ifndef BIG_ENDIAN +# define BIG_ENDIAN 4321 +# endif /* BIG_ENDIAN */ +# ifdef WORDS_BIGENDIAN +# define BYTE_ORDER BIG_ENDIAN +# else /* WORDS_BIGENDIAN */ +# define BYTE_ORDER LITTLE_ENDIAN +# endif /* WORDS_BIGENDIAN */ +#endif /* BYTE_ORDER */ + /* Function replacement / compatibility hacks */ #if !defined(HAVE_GETADDRINFO) && (defined(HAVE_OGETADDRINFO) || defined(HAVE_NGETADDRINFO)) diff --git a/kex.c b/kex.c index 175613b40..70c2c9709 100644 --- a/kex.c +++ b/kex.c @@ -44,7 +44,11 @@ RCSID("$OpenBSD: kex.c,v 1.66 2006/03/07 09:07:40 djm Exp $"); #define KEX_COOKIE_LEN 16 +#ifdef HAVE_EVP_SHA256 +# define evp_ssh_sha256 EVP_sha256 +#else /* HAVE_EVP_SHA256 */ extern const EVP_MD *evp_ssh_sha256(void); +#endif /* HAVE_EVP_SHA256 */ /* prototype */ static void kex_kexinit_finish(Kex *); diff --git a/md-sha256.c b/md-sha256.c index 08848f841..82c526d33 100644 --- a/md-sha256.c +++ b/md-sha256.c @@ -17,8 +17,10 @@ /* EVP wrapper for SHA256 */ #include "includes.h" + +#ifndef HAVE_EVP_SHA256 + #include -#include RCSID("$OpenBSD: md-sha256.c,v 1.1 2006/03/07 09:07:40 djm Exp $"); @@ -69,3 +71,6 @@ evp_ssh_sha256(void) return (&ssh_sha256); } + +#endif /* HAVE_EVP_SHA256 */ + diff --git a/openbsd-compat/openbsd-compat.h b/openbsd-compat/openbsd-compat.h index 1a3027353..9022c793f 100644 --- a/openbsd-compat/openbsd-compat.h +++ b/openbsd-compat/openbsd-compat.h @@ -1,4 +1,4 @@ -/* $Id: openbsd-compat.h,v 1.33 2005/12/31 05:33:37 djm Exp $ */ +/* $Id: openbsd-compat.h,v 1.34 2006/03/15 02:02:31 djm Exp $ */ /* * Copyright (c) 1999-2003 Damien Miller. All rights reserved. @@ -38,7 +38,7 @@ #include "readpassphrase.h" #include "vis.h" #include "getrrsetbyname.h" - +#include "sha2.h" #ifndef HAVE_BASENAME char *basename(const char *path); diff --git a/openbsd-compat/sha2.c b/openbsd-compat/sha2.c new file mode 100644 index 000000000..d04fb25f7 --- /dev/null +++ b/openbsd-compat/sha2.c @@ -0,0 +1,876 @@ +/* $OpenBSD: sha2.c,v 1.11 2005/08/08 08:05:35 espie Exp $ */ + +/* + * FILE: sha2.c + * AUTHOR: Aaron D. Gifford + * + * Copyright (c) 2000-2001, Aaron D. Gifford + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of the copyright holder nor the names of contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTOR(S) ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTOR(S) BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $From: sha2.c,v 1.1 2001/11/08 00:01:51 adg Exp adg $ + */ + +/* OPENBSD ORIGINAL: lib/libc/hash/sha2.c */ + +#include "includes.h" + +#if !defined(HAVE_SHA256_UPDATE) && !defined(HAVE_EVP_SHA256) +#include +#include +#include "sha2.h" + +/* + * UNROLLED TRANSFORM LOOP NOTE: + * You can define SHA2_UNROLL_TRANSFORM to use the unrolled transform + * loop version for the hash transform rounds (defined using macros + * later in this file). Either define on the command line, for example: + * + * cc -DSHA2_UNROLL_TRANSFORM -o sha2 sha2.c sha2prog.c + * + * or define below: + * + * #define SHA2_UNROLL_TRANSFORM + * + */ + +/*** SHA-256/384/512 Machine Architecture Definitions *****************/ +/* + * BYTE_ORDER NOTE: + * + * Please make sure that your system defines BYTE_ORDER. If your + * architecture is little-endian, make sure it also defines + * LITTLE_ENDIAN and that the two (BYTE_ORDER and LITTLE_ENDIAN) are + * equivilent. + * + * If your system does not define the above, then you can do so by + * hand like this: + * + * #define LITTLE_ENDIAN 1234 + * #define BIG_ENDIAN 4321 + * + * And for little-endian machines, add: + * + * #define BYTE_ORDER LITTLE_ENDIAN + * + * Or for big-endian machines: + * + * #define BYTE_ORDER BIG_ENDIAN + * + * The FreeBSD machine this was written on defines BYTE_ORDER + * appropriately by including (which in turn includes + * where the appropriate definitions are actually + * made). + */ +#if !defined(BYTE_ORDER) || (BYTE_ORDER != LITTLE_ENDIAN && BYTE_ORDER != BIG_ENDIAN) +#error Define BYTE_ORDER to be equal to either LITTLE_ENDIAN or BIG_ENDIAN +#endif + + +/*** SHA-256/384/512 Various Length Definitions ***********************/ +/* NOTE: Most of these are in sha2.h */ +#define SHA256_SHORT_BLOCK_LENGTH (SHA256_BLOCK_LENGTH - 8) +#define SHA384_SHORT_BLOCK_LENGTH (SHA384_BLOCK_LENGTH - 16) +#define SHA512_SHORT_BLOCK_LENGTH (SHA512_BLOCK_LENGTH - 16) + +/*** ENDIAN SPECIFIC COPY MACROS **************************************/ +#define BE_8_TO_32(dst, cp) do { \ + (dst) = (u_int32_t)(cp)[3] | ((u_int32_t)(cp)[2] << 8) | \ + ((u_int32_t)(cp)[1] << 16) | ((u_int32_t)(cp)[0] << 24); \ +} while(0) + +#define BE_8_TO_64(dst, cp) do { \ + (dst) = (u_int64_t)(cp)[7] | ((u_int64_t)(cp)[6] << 8) | \ + ((u_int64_t)(cp)[5] << 16) | ((u_int64_t)(cp)[4] << 24) | \ + ((u_int64_t)(cp)[3] << 32) | ((u_int64_t)(cp)[2] << 40) | \ + ((u_int64_t)(cp)[1] << 48) | ((u_int64_t)(cp)[0] << 56); \ +} while (0) + +#define BE_64_TO_8(cp, src) do { \ + (cp)[0] = (src) >> 56; \ + (cp)[1] = (src) >> 48; \ + (cp)[2] = (src) >> 40; \ + (cp)[3] = (src) >> 32; \ + (cp)[4] = (src) >> 24; \ + (cp)[5] = (src) >> 16; \ + (cp)[6] = (src) >> 8; \ + (cp)[7] = (src); \ +} while (0) + +#define BE_32_TO_8(cp, src) do { \ + (cp)[0] = (src) >> 24; \ + (cp)[1] = (src) >> 16; \ + (cp)[2] = (src) >> 8; \ + (cp)[3] = (src); \ +} while (0) + +/* + * Macro for incrementally adding the unsigned 64-bit integer n to the + * unsigned 128-bit integer (represented using a two-element array of + * 64-bit words): + */ +#define ADDINC128(w,n) do { \ + (w)[0] += (u_int64_t)(n); \ + if ((w)[0] < (n)) { \ + (w)[1]++; \ + } \ +} while (0) + +/*** THE SIX LOGICAL FUNCTIONS ****************************************/ +/* + * Bit shifting and rotation (used by the six SHA-XYZ logical functions: + * + * NOTE: The naming of R and S appears backwards here (R is a SHIFT and + * S is a ROTATION) because the SHA-256/384/512 description document + * (see http://csrc.nist.gov/cryptval/shs/sha256-384-512.pdf) uses this + * same "backwards" definition. + */ +/* Shift-right (used in SHA-256, SHA-384, and SHA-512): */ +#define R(b,x) ((x) >> (b)) +/* 32-bit Rotate-right (used in SHA-256): */ +#define S32(b,x) (((x) >> (b)) | ((x) << (32 - (b)))) +/* 64-bit Rotate-right (used in SHA-384 and SHA-512): */ +#define S64(b,x) (((x) >> (b)) | ((x) << (64 - (b)))) + +/* Two of six logical functions used in SHA-256, SHA-384, and SHA-512: */ +#define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z))) +#define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z))) + +/* Four of six logical functions used in SHA-256: */ +#define Sigma0_256(x) (S32(2, (x)) ^ S32(13, (x)) ^ S32(22, (x))) +#define Sigma1_256(x) (S32(6, (x)) ^ S32(11, (x)) ^ S32(25, (x))) +#define sigma0_256(x) (S32(7, (x)) ^ S32(18, (x)) ^ R(3 , (x))) +#define sigma1_256(x) (S32(17, (x)) ^ S32(19, (x)) ^ R(10, (x))) + +/* Four of six logical functions used in SHA-384 and SHA-512: */ +#define Sigma0_512(x) (S64(28, (x)) ^ S64(34, (x)) ^ S64(39, (x))) +#define Sigma1_512(x) (S64(14, (x)) ^ S64(18, (x)) ^ S64(41, (x))) +#define sigma0_512(x) (S64( 1, (x)) ^ S64( 8, (x)) ^ R( 7, (x))) +#define sigma1_512(x) (S64(19, (x)) ^ S64(61, (x)) ^ R( 6, (x))) + + +/*** SHA-XYZ INITIAL HASH VALUES AND CONSTANTS ************************/ +/* Hash constant words K for SHA-256: */ +const static u_int32_t K256[64] = { + 0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL, + 0x3956c25bUL, 0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL, + 0xd807aa98UL, 0x12835b01UL, 0x243185beUL, 0x550c7dc3UL, + 0x72be5d74UL, 0x80deb1feUL, 0x9bdc06a7UL, 0xc19bf174UL, + 0xe49b69c1UL, 0xefbe4786UL, 0x0fc19dc6UL, 0x240ca1ccUL, + 0x2de92c6fUL, 0x4a7484aaUL, 0x5cb0a9dcUL, 0x76f988daUL, + 0x983e5152UL, 0xa831c66dUL, 0xb00327c8UL, 0xbf597fc7UL, + 0xc6e00bf3UL, 0xd5a79147UL, 0x06ca6351UL, 0x14292967UL, + 0x27b70a85UL, 0x2e1b2138UL, 0x4d2c6dfcUL, 0x53380d13UL, + 0x650a7354UL, 0x766a0abbUL, 0x81c2c92eUL, 0x92722c85UL, + 0xa2bfe8a1UL, 0xa81a664bUL, 0xc24b8b70UL, 0xc76c51a3UL, + 0xd192e819UL, 0xd6990624UL, 0xf40e3585UL, 0x106aa070UL, + 0x19a4c116UL, 0x1e376c08UL, 0x2748774cUL, 0x34b0bcb5UL, + 0x391c0cb3UL, 0x4ed8aa4aUL, 0x5b9cca4fUL, 0x682e6ff3UL, + 0x748f82eeUL, 0x78a5636fUL, 0x84c87814UL, 0x8cc70208UL, + 0x90befffaUL, 0xa4506cebUL, 0xbef9a3f7UL, 0xc67178f2UL +}; + +/* Initial hash value H for SHA-256: */ +const static u_int32_t sha256_initial_hash_value[8] = { + 0x6a09e667UL, + 0xbb67ae85UL, + 0x3c6ef372UL, + 0xa54ff53aUL, + 0x510e527fUL, + 0x9b05688cUL, + 0x1f83d9abUL, + 0x5be0cd19UL +}; + +/* Hash constant words K for SHA-384 and SHA-512: */ +const static u_int64_t K512[80] = { + 0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL, + 0xb5c0fbcfec4d3b2fULL, 0xe9b5dba58189dbbcULL, + 0x3956c25bf348b538ULL, 0x59f111f1b605d019ULL, + 0x923f82a4af194f9bULL, 0xab1c5ed5da6d8118ULL, + 0xd807aa98a3030242ULL, 0x12835b0145706fbeULL, + 0x243185be4ee4b28cULL, 0x550c7dc3d5ffb4e2ULL, + 0x72be5d74f27b896fULL, 0x80deb1fe3b1696b1ULL, + 0x9bdc06a725c71235ULL, 0xc19bf174cf692694ULL, + 0xe49b69c19ef14ad2ULL, 0xefbe4786384f25e3ULL, + 0x0fc19dc68b8cd5b5ULL, 0x240ca1cc77ac9c65ULL, + 0x2de92c6f592b0275ULL, 0x4a7484aa6ea6e483ULL, + 0x5cb0a9dcbd41fbd4ULL, 0x76f988da831153b5ULL, + 0x983e5152ee66dfabULL, 0xa831c66d2db43210ULL, + 0xb00327c898fb213fULL, 0xbf597fc7beef0ee4ULL, + 0xc6e00bf33da88fc2ULL, 0xd5a79147930aa725ULL, + 0x06ca6351e003826fULL, 0x142929670a0e6e70ULL, + 0x27b70a8546d22ffcULL, 0x2e1b21385c26c926ULL, + 0x4d2c6dfc5ac42aedULL, 0x53380d139d95b3dfULL, + 0x650a73548baf63deULL, 0x766a0abb3c77b2a8ULL, + 0x81c2c92e47edaee6ULL, 0x92722c851482353bULL, + 0xa2bfe8a14cf10364ULL, 0xa81a664bbc423001ULL, + 0xc24b8b70d0f89791ULL, 0xc76c51a30654be30ULL, + 0xd192e819d6ef5218ULL, 0xd69906245565a910ULL, + 0xf40e35855771202aULL, 0x106aa07032bbd1b8ULL, + 0x19a4c116b8d2d0c8ULL, 0x1e376c085141ab53ULL, + 0x2748774cdf8eeb99ULL, 0x34b0bcb5e19b48a8ULL, + 0x391c0cb3c5c95a63ULL, 0x4ed8aa4ae3418acbULL, + 0x5b9cca4f7763e373ULL, 0x682e6ff3d6b2b8a3ULL, + 0x748f82ee5defb2fcULL, 0x78a5636f43172f60ULL, + 0x84c87814a1f0ab72ULL, 0x8cc702081a6439ecULL, + 0x90befffa23631e28ULL, 0xa4506cebde82bde9ULL, + 0xbef9a3f7b2c67915ULL, 0xc67178f2e372532bULL, + 0xca273eceea26619cULL, 0xd186b8c721c0c207ULL, + 0xeada7dd6cde0eb1eULL, 0xf57d4f7fee6ed178ULL, + 0x06f067aa72176fbaULL, 0x0a637dc5a2c898a6ULL, + 0x113f9804bef90daeULL, 0x1b710b35131c471bULL, + 0x28db77f523047d84ULL, 0x32caab7b40c72493ULL, + 0x3c9ebe0a15c9bebcULL, 0x431d67c49c100d4cULL, + 0x4cc5d4becb3e42b6ULL, 0x597f299cfc657e2aULL, + 0x5fcb6fab3ad6faecULL, 0x6c44198c4a475817ULL +}; + +/* Initial hash value H for SHA-384 */ +const static u_int64_t sha384_initial_hash_value[8] = { + 0xcbbb9d5dc1059ed8ULL, + 0x629a292a367cd507ULL, + 0x9159015a3070dd17ULL, + 0x152fecd8f70e5939ULL, + 0x67332667ffc00b31ULL, + 0x8eb44a8768581511ULL, + 0xdb0c2e0d64f98fa7ULL, + 0x47b5481dbefa4fa4ULL +}; + +/* Initial hash value H for SHA-512 */ +const static u_int64_t sha512_initial_hash_value[8] = { + 0x6a09e667f3bcc908ULL, + 0xbb67ae8584caa73bULL, + 0x3c6ef372fe94f82bULL, + 0xa54ff53a5f1d36f1ULL, + 0x510e527fade682d1ULL, + 0x9b05688c2b3e6c1fULL, + 0x1f83d9abfb41bd6bULL, + 0x5be0cd19137e2179ULL +}; + + +/*** SHA-256: *********************************************************/ +void +SHA256_Init(SHA256_CTX *context) +{ + if (context == NULL) + return; + memcpy(context->state, sha256_initial_hash_value, + sizeof(sha256_initial_hash_value)); + memset(context->buffer, 0, sizeof(context->buffer)); + context->bitcount = 0; +} + +#ifdef SHA2_UNROLL_TRANSFORM + +/* Unrolled SHA-256 round macros: */ + +#define ROUND256_0_TO_15(a,b,c,d,e,f,g,h) do { \ + BE_8_TO_32(W256[j], data); \ + data += 4; \ + T1 = (h) + Sigma1_256((e)) + Ch((e), (f), (g)) + K256[j] + W256[j]; \ + (d) += T1; \ + (h) = T1 + Sigma0_256((a)) + Maj((a), (b), (c)); \ + j++; \ +} while(0) + +#define ROUND256(a,b,c,d,e,f,g,h) do { \ + s0 = W256[(j+1)&0x0f]; \ + s0 = sigma0_256(s0); \ + s1 = W256[(j+14)&0x0f]; \ + s1 = sigma1_256(s1); \ + T1 = (h) + Sigma1_256((e)) + Ch((e), (f), (g)) + K256[j] + \ + (W256[j&0x0f] += s1 + W256[(j+9)&0x0f] + s0); \ + (d) += T1; \ + (h) = T1 + Sigma0_256((a)) + Maj((a), (b), (c)); \ + j++; \ +} while(0) + +void +SHA256_Transform(u_int32_t state[8], const u_int8_t data[SHA256_BLOCK_LENGTH]) +{ + u_int32_t a, b, c, d, e, f, g, h, s0, s1; + u_int32_t T1, W256[16]; + int j; + + /* Initialize registers with the prev. intermediate value */ + a = state[0]; + b = state[1]; + c = state[2]; + d = state[3]; + e = state[4]; + f = state[5]; + g = state[6]; + h = state[7]; + + j = 0; + do { + /* Rounds 0 to 15 (unrolled): */ + ROUND256_0_TO_15(a,b,c,d,e,f,g,h); + ROUND256_0_TO_15(h,a,b,c,d,e,f,g); + ROUND256_0_TO_15(g,h,a,b,c,d,e,f); + ROUND256_0_TO_15(f,g,h,a,b,c,d,e); + ROUND256_0_TO_15(e,f,g,h,a,b,c,d); + ROUND256_0_TO_15(d,e,f,g,h,a,b,c); + ROUND256_0_TO_15(c,d,e,f,g,h,a,b); + ROUND256_0_TO_15(b,c,d,e,f,g,h,a); + } while (j < 16); + + /* Now for the remaining rounds up to 63: */ + do { + ROUND256(a,b,c,d,e,f,g,h); + ROUND256(h,a,b,c,d,e,f,g); + ROUND256(g,h,a,b,c,d,e,f); + ROUND256(f,g,h,a,b,c,d,e); + ROUND256(e,f,g,h,a,b,c,d); + ROUND256(d,e,f,g,h,a,b,c); + ROUND256(c,d,e,f,g,h,a,b); + ROUND256(b,c,d,e,f,g,h,a); + } while (j < 64); + + /* Compute the current intermediate hash value */ + state[0] += a; + state[1] += b; + state[2] += c; + state[3] += d; + state[4] += e; + state[5] += f; + state[6] += g; + state[7] += h; + + /* Clean up */ + a = b = c = d = e = f = g = h = T1 = 0; +} + +#else /* SHA2_UNROLL_TRANSFORM */ + +void +SHA256_Transform(u_int32_t state[8], const u_int8_t data[SHA256_BLOCK_LENGTH]) +{ + u_int32_t a, b, c, d, e, f, g, h, s0, s1; + u_int32_t T1, T2, W256[16]; + int j; + + /* Initialize registers with the prev. intermediate value */ + a = state[0]; + b = state[1]; + c = state[2]; + d = state[3]; + e = state[4]; + f = state[5]; + g = state[6]; + h = state[7]; + + j = 0; + do { + BE_8_TO_32(W256[j], data); + data += 4; + /* Apply the SHA-256 compression function to update a..h */ + T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] + W256[j]; + T2 = Sigma0_256(a) + Maj(a, b, c); + h = g; + g = f; + f = e; + e = d + T1; + d = c; + c = b; + b = a; + a = T1 + T2; + + j++; + } while (j < 16); + + do { + /* Part of the message block expansion: */ + s0 = W256[(j+1)&0x0f]; + s0 = sigma0_256(s0); + s1 = W256[(j+14)&0x0f]; + s1 = sigma1_256(s1); + + /* Apply the SHA-256 compression function to update a..h */ + T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] + + (W256[j&0x0f] += s1 + W256[(j+9)&0x0f] + s0); + T2 = Sigma0_256(a) + Maj(a, b, c); + h = g; + g = f; + f = e; + e = d + T1; + d = c; + c = b; + b = a; + a = T1 + T2; + + j++; + } while (j < 64); + + /* Compute the current intermediate hash value */ + state[0] += a; + state[1] += b; + state[2] += c; + state[3] += d; + state[4] += e; + state[5] += f; + state[6] += g; + state[7] += h; + + /* Clean up */ + a = b = c = d = e = f = g = h = T1 = T2 = 0; +} + +#endif /* SHA2_UNROLL_TRANSFORM */ + +void +SHA256_Update(SHA256_CTX *context, const u_int8_t *data, size_t len) +{ + size_t freespace, usedspace; + + /* Calling with no data is valid (we do nothing) */ + if (len == 0) + return; + + usedspace = (context->bitcount >> 3) % SHA256_BLOCK_LENGTH; + if (usedspace > 0) { + /* Calculate how much free space is available in the buffer */ + freespace = SHA256_BLOCK_LENGTH - usedspace; + + if (len >= freespace) { + /* Fill the buffer completely and process it */ + memcpy(&context->buffer[usedspace], data, freespace); + context->bitcount += freespace << 3; + len -= freespace; + data += freespace; + SHA256_Transform(context->state, context->buffer); + } else { + /* The buffer is not yet full */ + memcpy(&context->buffer[usedspace], data, len); + context->bitcount += len << 3; + /* Clean up: */ + usedspace = freespace = 0; + return; + } + } + while (len >= SHA256_BLOCK_LENGTH) { + /* Process as many complete blocks as we can */ + SHA256_Transform(context->state, data); + context->bitcount += SHA256_BLOCK_LENGTH << 3; + len -= SHA256_BLOCK_LENGTH; + data += SHA256_BLOCK_LENGTH; + } + if (len > 0) { + /* There's left-overs, so save 'em */ + memcpy(context->buffer, data, len); + context->bitcount += len << 3; + } + /* Clean up: */ + usedspace = freespace = 0; +} + +void +SHA256_Pad(SHA256_CTX *context) +{ + unsigned int usedspace; + + usedspace = (context->bitcount >> 3) % SHA256_BLOCK_LENGTH; + if (usedspace > 0) { + /* Begin padding with a 1 bit: */ + context->buffer[usedspace++] = 0x80; + + if (usedspace <= SHA256_SHORT_BLOCK_LENGTH) { + /* Set-up for the last transform: */ + memset(&context->buffer[usedspace], 0, + SHA256_SHORT_BLOCK_LENGTH - usedspace); + } else { + if (usedspace < SHA256_BLOCK_LENGTH) { + memset(&context->buffer[usedspace], 0, + SHA256_BLOCK_LENGTH - usedspace); + } + /* Do second-to-last transform: */ + SHA256_Transform(context->state, context->buffer); + + /* Prepare for last transform: */ + memset(context->buffer, 0, SHA256_SHORT_BLOCK_LENGTH); + } + } else { + /* Set-up for the last transform: */ + memset(context->buffer, 0, SHA256_SHORT_BLOCK_LENGTH); + + /* Begin padding with a 1 bit: */ + *context->buffer = 0x80; + } + /* Store the length of input data (in bits) in big endian format: */ + BE_64_TO_8(&context->buffer[SHA256_SHORT_BLOCK_LENGTH], + context->bitcount); + + /* Final transform: */ + SHA256_Transform(context->state, context->buffer); + + /* Clean up: */ + usedspace = 0; +} + +void +SHA256_Final(u_int8_t digest[SHA256_DIGEST_LENGTH], SHA256_CTX *context) +{ + SHA256_Pad(context); + + /* If no digest buffer is passed, we don't bother doing this: */ + if (digest != NULL) { +#if BYTE_ORDER == LITTLE_ENDIAN + int i; + + /* Convert TO host byte order */ + for (i = 0; i < 8; i++) + BE_32_TO_8(digest + i * 4, context->state[i]); +#else + memcpy(digest, context->state, SHA256_DIGEST_LENGTH); +#endif + memset(context, 0, sizeof(*context)); + } +} + + +/*** SHA-512: *********************************************************/ +void +SHA512_Init(SHA512_CTX *context) +{ + if (context == NULL) + return; + memcpy(context->state, sha512_initial_hash_value, + sizeof(sha512_initial_hash_value)); + memset(context->buffer, 0, sizeof(context->buffer)); + context->bitcount[0] = context->bitcount[1] = 0; +} + +#ifdef SHA2_UNROLL_TRANSFORM + +/* Unrolled SHA-512 round macros: */ + +#define ROUND512_0_TO_15(a,b,c,d,e,f,g,h) do { \ + BE_8_TO_64(W512[j], data); \ + data += 8; \ + T1 = (h) + Sigma1_512((e)) + Ch((e), (f), (g)) + K512[j] + W512[j]; \ + (d) += T1; \ + (h) = T1 + Sigma0_512((a)) + Maj((a), (b), (c)); \ + j++; \ +} while(0) + + +#define ROUND512(a,b,c,d,e,f,g,h) do { \ + s0 = W512[(j+1)&0x0f]; \ + s0 = sigma0_512(s0); \ + s1 = W512[(j+14)&0x0f]; \ + s1 = sigma1_512(s1); \ + T1 = (h) + Sigma1_512((e)) + Ch((e), (f), (g)) + K512[j] + \ + (W512[j&0x0f] += s1 + W512[(j+9)&0x0f] + s0); \ + (d) += T1; \ + (h) = T1 + Sigma0_512((a)) + Maj((a), (b), (c)); \ + j++; \ +} while(0) + +void +SHA512_Transform(u_int64_t state[8], const u_int8_t data[SHA512_BLOCK_LENGTH]) +{ + u_int64_t a, b, c, d, e, f, g, h, s0, s1; + u_int64_t T1, W512[16]; + int j; + + /* Initialize registers with the prev. intermediate value */ + a = state[0]; + b = state[1]; + c = state[2]; + d = state[3]; + e = state[4]; + f = state[5]; + g = state[6]; + h = state[7]; + + j = 0; + do { + /* Rounds 0 to 15 (unrolled): */ + ROUND512_0_TO_15(a,b,c,d,e,f,g,h); + ROUND512_0_TO_15(h,a,b,c,d,e,f,g); + ROUND512_0_TO_15(g,h,a,b,c,d,e,f); + ROUND512_0_TO_15(f,g,h,a,b,c,d,e); + ROUND512_0_TO_15(e,f,g,h,a,b,c,d); + ROUND512_0_TO_15(d,e,f,g,h,a,b,c); + ROUND512_0_TO_15(c,d,e,f,g,h,a,b); + ROUND512_0_TO_15(b,c,d,e,f,g,h,a); + } while (j < 16); + + /* Now for the remaining rounds up to 79: */ + do { + ROUND512(a,b,c,d,e,f,g,h); + ROUND512(h,a,b,c,d,e,f,g); + ROUND512(g,h,a,b,c,d,e,f); + ROUND512(f,g,h,a,b,c,d,e); + ROUND512(e,f,g,h,a,b,c,d); + ROUND512(d,e,f,g,h,a,b,c); + ROUND512(c,d,e,f,g,h,a,b); + ROUND512(b,c,d,e,f,g,h,a); + } while (j < 80); + + /* Compute the current intermediate hash value */ + state[0] += a; + state[1] += b; + state[2] += c; + state[3] += d; + state[4] += e; + state[5] += f; + state[6] += g; + state[7] += h; + + /* Clean up */ + a = b = c = d = e = f = g = h = T1 = 0; +} + +#else /* SHA2_UNROLL_TRANSFORM */ + +void +SHA512_Transform(u_int64_t state[8], const u_int8_t data[SHA512_BLOCK_LENGTH]) +{ + u_int64_t a, b, c, d, e, f, g, h, s0, s1; + u_int64_t T1, T2, W512[16]; + int j; + + /* Initialize registers with the prev. intermediate value */ + a = state[0]; + b = state[1]; + c = state[2]; + d = state[3]; + e = state[4]; + f = state[5]; + g = state[6]; + h = state[7]; + + j = 0; + do { + BE_8_TO_64(W512[j], data); + data += 8; + /* Apply the SHA-512 compression function to update a..h */ + T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] + W512[j]; + T2 = Sigma0_512(a) + Maj(a, b, c); + h = g; + g = f; + f = e; + e = d + T1; + d = c; + c = b; + b = a; + a = T1 + T2; + + j++; + } while (j < 16); + + do { + /* Part of the message block expansion: */ + s0 = W512[(j+1)&0x0f]; + s0 = sigma0_512(s0); + s1 = W512[(j+14)&0x0f]; + s1 = sigma1_512(s1); + + /* Apply the SHA-512 compression function to update a..h */ + T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] + + (W512[j&0x0f] += s1 + W512[(j+9)&0x0f] + s0); + T2 = Sigma0_512(a) + Maj(a, b, c); + h = g; + g = f; + f = e; + e = d + T1; + d = c; + c = b; + b = a; + a = T1 + T2; + + j++; + } while (j < 80); + + /* Compute the current intermediate hash value */ + state[0] += a; + state[1] += b; + state[2] += c; + state[3] += d; + state[4] += e; + state[5] += f; + state[6] += g; + state[7] += h; + + /* Clean up */ + a = b = c = d = e = f = g = h = T1 = T2 = 0; +} + +#endif /* SHA2_UNROLL_TRANSFORM */ + +void +SHA512_Update(SHA512_CTX *context, const u_int8_t *data, size_t len) +{ + size_t freespace, usedspace; + + /* Calling with no data is valid (we do nothing) */ + if (len == 0) + return; + + usedspace = (context->bitcount[0] >> 3) % SHA512_BLOCK_LENGTH; + if (usedspace > 0) { + /* Calculate how much free space is available in the buffer */ + freespace = SHA512_BLOCK_LENGTH - usedspace; + + if (len >= freespace) { + /* Fill the buffer completely and process it */ + memcpy(&context->buffer[usedspace], data, freespace); + ADDINC128(context->bitcount, freespace << 3); + len -= freespace; + data += freespace; + SHA512_Transform(context->state, context->buffer); + } else { + /* The buffer is not yet full */ + memcpy(&context->buffer[usedspace], data, len); + ADDINC128(context->bitcount, len << 3); + /* Clean up: */ + usedspace = freespace = 0; + return; + } + } + while (len >= SHA512_BLOCK_LENGTH) { + /* Process as many complete blocks as we can */ + SHA512_Transform(context->state, data); + ADDINC128(context->bitcount, SHA512_BLOCK_LENGTH << 3); + len -= SHA512_BLOCK_LENGTH; + data += SHA512_BLOCK_LENGTH; + } + if (len > 0) { + /* There's left-overs, so save 'em */ + memcpy(context->buffer, data, len); + ADDINC128(context->bitcount, len << 3); + } + /* Clean up: */ + usedspace = freespace = 0; +} + +void +SHA512_Pad(SHA512_CTX *context) +{ + unsigned int usedspace; + + usedspace = (context->bitcount[0] >> 3) % SHA512_BLOCK_LENGTH; + if (usedspace > 0) { + /* Begin padding with a 1 bit: */ + context->buffer[usedspace++] = 0x80; + + if (usedspace <= SHA512_SHORT_BLOCK_LENGTH) { + /* Set-up for the last transform: */ + memset(&context->buffer[usedspace], 0, SHA512_SHORT_BLOCK_LENGTH - usedspace); + } else { + if (usedspace < SHA512_BLOCK_LENGTH) { + memset(&context->buffer[usedspace], 0, SHA512_BLOCK_LENGTH - usedspace); + } + /* Do second-to-last transform: */ + SHA512_Transform(context->state, context->buffer); + + /* And set-up for the last transform: */ + memset(context->buffer, 0, SHA512_BLOCK_LENGTH - 2); + } + } else { + /* Prepare for final transform: */ + memset(context->buffer, 0, SHA512_SHORT_BLOCK_LENGTH); + + /* Begin padding with a 1 bit: */ + *context->buffer = 0x80; + } + /* Store the length of input data (in bits) in big endian format: */ + BE_64_TO_8(&context->buffer[SHA512_SHORT_BLOCK_LENGTH], + context->bitcount[1]); + BE_64_TO_8(&context->buffer[SHA512_SHORT_BLOCK_LENGTH + 8], + context->bitcount[0]); + + /* Final transform: */ + SHA512_Transform(context->state, context->buffer); + + /* Clean up: */ + usedspace = 0; +} + +void +SHA512_Final(u_int8_t digest[SHA512_DIGEST_LENGTH], SHA512_CTX *context) +{ + SHA512_Pad(context); + + /* If no digest buffer is passed, we don't bother doing this: */ + if (digest != NULL) { +#if BYTE_ORDER == LITTLE_ENDIAN + int i; + + /* Convert TO host byte order */ + for (i = 0; i < 8; i++) + BE_64_TO_8(digest + i * 8, context->state[i]); +#else + memcpy(digest, context->state, SHA512_DIGEST_LENGTH); +#endif + memset(context, 0, sizeof(*context)); + } +} + + +/*** SHA-384: *********************************************************/ +void +SHA384_Init(SHA384_CTX *context) +{ + if (context == NULL) + return; + memcpy(context->state, sha384_initial_hash_value, + sizeof(sha384_initial_hash_value)); + memset(context->buffer, 0, sizeof(context->buffer)); + context->bitcount[0] = context->bitcount[1] = 0; +} + +__weak_alias(SHA384_Transform, SHA512_Transform); +__weak_alias(SHA384_Update, SHA512_Update); +__weak_alias(SHA384_Pad, SHA512_Pad); + +void +SHA384_Final(u_int8_t digest[SHA384_DIGEST_LENGTH], SHA384_CTX *context) +{ + SHA384_Pad(context); + + /* If no digest buffer is passed, we don't bother doing this: */ + if (digest != NULL) { +#if BYTE_ORDER == LITTLE_ENDIAN + int i; + + /* Convert TO host byte order */ + for (i = 0; i < 6; i++) + BE_64_TO_8(digest + i * 8, context->state[i]); +#else + memcpy(digest, context->state, SHA384_DIGEST_LENGTH); +#endif + } + + /* Zero out state data */ + memset(context, 0, sizeof(*context)); +} + +#endif /* !defined(HAVE_SHA256_UPDATE) && !defined(HAVE_EVP_SHA256) */ diff --git a/openbsd-compat/sha2.h b/openbsd-compat/sha2.h new file mode 100644 index 000000000..fb40bde43 --- /dev/null +++ b/openbsd-compat/sha2.h @@ -0,0 +1,125 @@ +/* $OpenBSD: sha2.h,v 1.6 2004/06/22 01:57:30 jfb Exp $ */ + +/* + * FILE: sha2.h + * AUTHOR: Aaron D. Gifford + * + * Copyright (c) 2000-2001, Aaron D. Gifford + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of the copyright holder nor the names of contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTOR(S) ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTOR(S) BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $From: sha2.h,v 1.1 2001/11/08 00:02:01 adg Exp adg $ + */ + +/* OPENBSD ORIGINAL: include/sha2.h */ + +#ifndef _SHA2_H +#define _SHA2_H + +#include "includes.h" + +#if !defined(HAVE_SHA256_UPDATE) && !defined(HAVE_EVP_SHA256) + +/*** SHA-256/384/512 Various Length Definitions ***********************/ +#define SHA256_BLOCK_LENGTH 64 +#define SHA256_DIGEST_LENGTH 32 +#define SHA256_DIGEST_STRING_LENGTH (SHA256_DIGEST_LENGTH * 2 + 1) +#define SHA384_BLOCK_LENGTH 128 +#define SHA384_DIGEST_LENGTH 48 +#define SHA384_DIGEST_STRING_LENGTH (SHA384_DIGEST_LENGTH * 2 + 1) +#define SHA512_BLOCK_LENGTH 128 +#define SHA512_DIGEST_LENGTH 64 +#define SHA512_DIGEST_STRING_LENGTH (SHA512_DIGEST_LENGTH * 2 + 1) + + +/*** SHA-256/384/512 Context Structures *******************************/ +typedef struct _SHA256_CTX { + u_int32_t state[8]; + u_int64_t bitcount; + u_int8_t buffer[SHA256_BLOCK_LENGTH]; +} SHA256_CTX; +typedef struct _SHA512_CTX { + u_int64_t state[8]; + u_int64_t bitcount[2]; + u_int8_t buffer[SHA512_BLOCK_LENGTH]; +} SHA512_CTX; + +typedef SHA512_CTX SHA384_CTX; + +void SHA256_Init(SHA256_CTX *); +void SHA256_Transform(u_int32_t state[8], const u_int8_t [SHA256_BLOCK_LENGTH]); +void SHA256_Update(SHA256_CTX *, const u_int8_t *, size_t) + __attribute__((__bounded__(__string__,2,3))); +void SHA256_Pad(SHA256_CTX *); +void SHA256_Final(u_int8_t [SHA256_DIGEST_LENGTH], SHA256_CTX *) + __attribute__((__bounded__(__minbytes__,1,SHA256_DIGEST_LENGTH))); +char *SHA256_End(SHA256_CTX *, char *) + __attribute__((__bounded__(__minbytes__,2,SHA256_DIGEST_STRING_LENGTH))); +char *SHA256_File(const char *, char *) + __attribute__((__bounded__(__minbytes__,2,SHA256_DIGEST_STRING_LENGTH))); +char *SHA256_FileChunk(const char *, char *, off_t, off_t) + __attribute__((__bounded__(__minbytes__,2,SHA256_DIGEST_STRING_LENGTH))); +char *SHA256_Data(const u_int8_t *, size_t, char *) + __attribute__((__bounded__(__string__,1,2))) + __attribute__((__bounded__(__minbytes__,3,SHA256_DIGEST_STRING_LENGTH))); + +void SHA384_Init(SHA384_CTX *); +void SHA384_Transform(u_int64_t state[8], const u_int8_t [SHA384_BLOCK_LENGTH]); +void SHA384_Update(SHA384_CTX *, const u_int8_t *, size_t) + __attribute__((__bounded__(__string__,2,3))); +void SHA384_Pad(SHA384_CTX *); +void SHA384_Final(u_int8_t [SHA384_DIGEST_LENGTH], SHA384_CTX *) + __attribute__((__bounded__(__minbytes__,1,SHA384_DIGEST_LENGTH))); +char *SHA384_End(SHA384_CTX *, char *) + __attribute__((__bounded__(__minbytes__,2,SHA384_DIGEST_STRING_LENGTH))); +char *SHA384_File(const char *, char *) + __attribute__((__bounded__(__minbytes__,2,SHA384_DIGEST_STRING_LENGTH))); +char *SHA384_FileChunk(const char *, char *, off_t, off_t) + __attribute__((__bounded__(__minbytes__,2,SHA384_DIGEST_STRING_LENGTH))); +char *SHA384_Data(const u_int8_t *, size_t, char *) + __attribute__((__bounded__(__string__,1,2))) + __attribute__((__bounded__(__minbytes__,3,SHA384_DIGEST_STRING_LENGTH))); + +void SHA512_Init(SHA512_CTX *); +void SHA512_Transform(u_int64_t state[8], const u_int8_t [SHA512_BLOCK_LENGTH]); +void SHA512_Update(SHA512_CTX *, const u_int8_t *, size_t) + __attribute__((__bounded__(__string__,2,3))); +void SHA512_Pad(SHA512_CTX *); +void SHA512_Final(u_int8_t [SHA512_DIGEST_LENGTH], SHA512_CTX *) + __attribute__((__bounded__(__minbytes__,1,SHA512_DIGEST_LENGTH))); +char *SHA512_End(SHA512_CTX *, char *) + __attribute__((__bounded__(__minbytes__,2,SHA512_DIGEST_STRING_LENGTH))); +char *SHA512_File(const char *, char *) + __attribute__((__bounded__(__minbytes__,2,SHA512_DIGEST_STRING_LENGTH))); +char *SHA512_FileChunk(const char *, char *, off_t, off_t) + __attribute__((__bounded__(__minbytes__,2,SHA512_DIGEST_STRING_LENGTH))); +char *SHA512_Data(const u_int8_t *, size_t, char *) + __attribute__((__bounded__(__string__,1,2))) + __attribute__((__bounded__(__minbytes__,3,SHA512_DIGEST_STRING_LENGTH))); + +#endif /* !defined(HAVE_SHA256_UPDATE) && !defined(HAVE_EVP_SHA256) */ + +#endif /* _SHA2_H */ diff --git a/openbsd-compat/xmmap.c b/openbsd-compat/xmmap.c index 74e8a8b13..68ac91192 100644 --- a/openbsd-compat/xmmap.c +++ b/openbsd-compat/xmmap.c @@ -23,13 +23,15 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -/* $Id: xmmap.c,v 1.6 2004/10/06 13:15:44 dtucker Exp $ */ +/* $Id: xmmap.c,v 1.7 2006/03/15 02:02:31 djm Exp $ */ #include "includes.h" +#include #ifdef HAVE_SYS_MMAN_H #include #endif +#include #include "log.h" -- cgit v1.2.3 From 41e364bcfa11d5a72c242d0b27ead364b0ebaa5d Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 15 Mar 2006 13:12:41 +1100 Subject: - (djm) [md-sha256.c configure.ac] md-sha256.c needs sha2.h if present --- ChangeLog | 3 ++- configure.ac | 5 +++-- md-sha256.c | 4 ++++ 3 files changed, 9 insertions(+), 3 deletions(-) (limited to 'configure.ac') diff --git a/ChangeLog b/ChangeLog index fbdf12179..be1030f6e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -249,6 +249,7 @@ EVP_sha256 if present - (djm) [includes.h] Restore accidentally dropped netinet/in.h - (djm) [Makefile.in openbsd-compat/Makefile.in] Add added files + - (djm) [md-sha256.c configure.ac] md-sha256.c needs sha2.h if present 20060313 - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong) @@ -4150,4 +4151,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4210 2006/03/15 02:09:18 djm Exp $ +$Id: ChangeLog,v 1.4211 2006/03/15 02:12:41 djm Exp $ diff --git a/configure.ac b/configure.ac index 160493f06..fc54f3b54 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.334 2006/03/15 02:02:28 djm Exp $ +# $Id: configure.ac,v 1.335 2006/03/15 02:12:41 djm Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.334 $) +AC_REVISION($Revision: 1.335 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -690,6 +690,7 @@ AC_CHECK_HEADERS( \ readpassphrase.h \ rpc/types.h \ security/pam_appl.h \ + sha2.h \ shadow.h \ stddef.h \ stdint.h \ diff --git a/md-sha256.c b/md-sha256.c index 82c526d33..ff7f38157 100644 --- a/md-sha256.c +++ b/md-sha256.c @@ -20,7 +20,11 @@ #ifndef HAVE_EVP_SHA256 +#include #include +#if defined(HAVE_SHA2_H) && defined(HAVE_SHA256_UPDATE) +# include +#endif RCSID("$OpenBSD: md-sha256.c,v 1.1 2006/03/07 09:07:40 djm Exp $"); -- cgit v1.2.3 From 486d95e6f78e7b27bbdc932ee6fdce0d28b2f8d9 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Wed, 15 Mar 2006 21:31:39 +1100 Subject: - (dtucker) [configure.ac] Fix glob test conversion to AC_TRY_COMPILE --- ChangeLog | 3 ++- configure.ac | 6 +++--- 2 files changed, 5 insertions(+), 4 deletions(-) (limited to 'configure.ac') diff --git a/ChangeLog b/ChangeLog index c0a0a4ebe..0141c327c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -267,6 +267,7 @@ - (tim) [includes.h] put sys/stat.h back in to quiet some "macro redefined:" - (tim) [openssh/sshpty.c openssh/openbsd-compat/port-tun.c] put in some includes removed from includes.h + - (dtucker) [configure.ac] Fix glob test conversion to AC_TRY_COMPILE 20060313 - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong) @@ -4168,4 +4169,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4220 2006/03/15 06:09:50 tim Exp $ +$Id: ChangeLog,v 1.4221 2006/03/15 10:31:39 dtucker Exp $ diff --git a/configure.ac b/configure.ac index fc54f3b54..72577a728 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.335 2006/03/15 02:12:41 djm Exp $ +# $Id: configure.ac,v 1.336 2006/03/15 10:31:39 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.335 $) +AC_REVISION($Revision: 1.336 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -924,7 +924,7 @@ AC_EGREP_CPP(FOUNDIT, # Check for g.gl_matchc glob() extension AC_MSG_CHECKING(for gl_matchc field in glob_t) -AC_TRY_COMPILE(FOUNDIT, +AC_TRY_COMPILE( [ #include ], [glob_t g; g.gl_matchc = 1;], [ -- cgit v1.2.3 From 8bb9e2c9000d5cfe8d5503d67d48a8a4e153ec39 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Wed, 15 Mar 2006 22:28:17 +1100 Subject: - (dtucker) [configure.ac] login_cap.h requires sys/types.h on NetBSD. --- ChangeLog | 3 ++- configure.ac | 10 +++++++--- 2 files changed, 9 insertions(+), 4 deletions(-) (limited to 'configure.ac') diff --git a/ChangeLog b/ChangeLog index 339568ddd..cdbf5d737 100644 --- a/ChangeLog +++ b/ChangeLog @@ -271,6 +271,7 @@ - (djm) [includes.h] Put back paths.h, it is needed in defines.h - (dtucker) [openbsd-compat/openbsd-compat.h] AIX (at least) needs sys/ioctl.h for struct winsize. + - (dtucker) [configure.ac] login_cap.h requires sys/types.h on NetBSD. 20060313 - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong) @@ -4172,4 +4173,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4223 2006/03/15 11:25:54 dtucker Exp $ +$Id: ChangeLog,v 1.4224 2006/03/15 11:28:17 dtucker Exp $ diff --git a/configure.ac b/configure.ac index 72577a728..f8faa2660 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.336 2006/03/15 10:31:39 dtucker Exp $ +# $Id: configure.ac,v 1.337 2006/03/15 11:28:17 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.336 $) +AC_REVISION($Revision: 1.337 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -679,7 +679,6 @@ AC_CHECK_HEADERS( \ iaf.h \ limits.h \ login.h \ - login_cap.h \ maillock.h \ ndir.h \ netdb.h \ @@ -740,6 +739,11 @@ AC_CHECK_HEADERS(sys/ptms.h, [], [], [ #endif ]) +# login_cap.h requires sys/types.h on NetBSD +AC_CHECK_HEADERS(login_cap.h, [], [], [ +#include +]) + # Checks for libraries. AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match)) AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt)) -- cgit v1.2.3 From c495301bf8cd3a05512e702af212631abab52b88 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Thu, 16 Mar 2006 08:14:34 +1100 Subject: - (dtucker) [configure.ac md-sha256.c] NetBSD has sha2.h in /usr/include/crypto. Hint from djm@. --- ChangeLog | 4 +++- configure.ac | 5 +++-- md-sha256.c | 8 ++++++-- 3 files changed, 12 insertions(+), 5 deletions(-) (limited to 'configure.ac') diff --git a/ChangeLog b/ChangeLog index 308f9d1ec..1c4fdef89 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,7 @@ 20060316 - (dtucker) [entropy.c] Add headers for WIFEXITED and friends. + - (dtucker) [configure.ac md-sha256.c] NetBSD has sha2.h in + /usr/include/crypto. Hint from djm@. 20060315 - (djm) OpenBSD CVS Sync: @@ -4176,4 +4178,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4225 2006/03/15 20:21:35 dtucker Exp $ +$Id: ChangeLog,v 1.4226 2006/03/15 21:14:34 dtucker Exp $ diff --git a/configure.ac b/configure.ac index f8faa2660..9e037ab0e 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.337 2006/03/15 11:28:17 dtucker Exp $ +# $Id: configure.ac,v 1.338 2006/03/15 21:14:34 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.337 $) +AC_REVISION($Revision: 1.338 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -669,6 +669,7 @@ dnl Checks for header files. AC_CHECK_HEADERS( \ bstring.h \ crypt.h \ + crypto/sha2.h \ dirent.h \ endian.h \ features.h \ diff --git a/md-sha256.c b/md-sha256.c index ff7f38157..0b1ed5828 100644 --- a/md-sha256.c +++ b/md-sha256.c @@ -22,8 +22,12 @@ #include #include -#if defined(HAVE_SHA2_H) && defined(HAVE_SHA256_UPDATE) -# include +#ifdef HAVE_SHA256_UPDATE +# ifdef HAVE_SHA2_H +# include +# elif defined(HAVE_CRYPTO_SHA2_H) +# include +# endif #endif RCSID("$OpenBSD: md-sha256.c,v 1.1 2006/03/07 09:07:40 djm Exp $"); -- cgit v1.2.3 From 73b42d2bb058da914828b53f2951954560a5b6eb Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sat, 22 Apr 2006 21:26:08 +1000 Subject: - (djm) [Makefile.in configure.ac session.c sshpty.c] [contrib/redhat/sshd.init openbsd-compat/Makefile.in] [openbsd-compat/openbsd-compat.h openbsd-compat/port-linux.c] [openbsd-compat/port-linux.h] Add support for SELinux, setting the execution and TTY contexts. based on patch from Daniel Walsh, bz #880; ok dtucker@ --- ChangeLog | 14 +++- Makefile.in | 5 +- configure.ac | 22 +++++- contrib/redhat/sshd.init | 9 +++ openbsd-compat/Makefile.in | 4 +- openbsd-compat/openbsd-compat.h | 3 +- openbsd-compat/port-linux.c | 165 ++++++++++++++++++++++++++++++++++++++++ openbsd-compat/port-linux.h | 27 +++++++ session.c | 4 + sshpty.c | 4 + 10 files changed, 247 insertions(+), 10 deletions(-) create mode 100644 openbsd-compat/port-linux.c create mode 100644 openbsd-compat/port-linux.h (limited to 'configure.ac') diff --git a/ChangeLog b/ChangeLog index 5328aa9c4..92a2f25d6 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,14 @@ +20060421 + - (djm) [Makefile.in configure.ac session.c sshpty.c] + [contrib/redhat/sshd.init openbsd-compat/Makefile.in] + [openbsd-compat/openbsd-compat.h openbsd-compat/port-linux.c] + [openbsd-compat/port-linux.h] Add support for SELinux, setting + the execution and TTY contexts. based on patch from Daniel Walsh, + bz #880; ok dtucker@ + 20060418 - - (djm) Reorder IP options check so that it isn't broken by - mapped addresses; bz #1179 reported by markw wtech-llc.com; + - (djm) [canohost.c] Reorder IP options check so that it isn't broken + by mapped addresses; bz #1179 reported by markw wtech-llc.com; ok dtucker@ 20060331 @@ -4500,4 +4508,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4301 2006/04/18 05:13:16 djm Exp $ +$Id: ChangeLog,v 1.4302 2006/04/22 11:26:08 djm Exp $ diff --git a/Makefile.in b/Makefile.in index 57475f003..9bc25e7a7 100644 --- a/Makefile.in +++ b/Makefile.in @@ -1,4 +1,4 @@ -# $Id: Makefile.in,v 1.276 2006/03/15 02:09:18 djm Exp $ +# $Id: Makefile.in,v 1.277 2006/04/22 11:26:08 djm Exp $ # uncomment if you run a non bourne compatable shell. Ie. csh #SHELL = @SH@ @@ -43,6 +43,7 @@ LD=@LD@ CFLAGS=@CFLAGS@ CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@ LIBS=@LIBS@ +LIBSELINUX=@LIBSELINUX@ LIBEDIT=@LIBEDIT@ LIBPAM=@LIBPAM@ LIBWRAP=@LIBWRAP@ @@ -136,7 +137,7 @@ ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHOBJS) $(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) sshd$(EXEEXT): libssh.a $(LIBCOMPAT) $(SSHDOBJS) - $(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBWRAP) $(LIBPAM) $(LIBS) + $(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBWRAP) $(LIBPAM) $(LIBSELINUX) $(LIBS) scp$(EXEEXT): $(LIBCOMPAT) libssh.a scp.o progressmeter.o $(LD) -o $@ scp.o progressmeter.o bufaux.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) diff --git a/configure.ac b/configure.ac index 9e037ab0e..093c17643 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.338 2006/03/15 21:14:34 dtucker Exp $ +# $Id: configure.ac,v 1.339 2006/04/22 11:26:08 djm Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.338 $) +AC_REVISION($Revision: 1.339 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -3000,6 +3000,23 @@ int main() [#include ]) ]) +# Check whether user wants SELinux support +SELINUX_MSG="no" +LIBSELINUX="" +AC_ARG_WITH(selinux, + [ --with-selinux Enable SELinux support], + [ if test "x$withval" != "xno" ; then + AC_DEFINE(WITH_SELINUX,1,[Define if you want SELinux support.]) + SELINUX_MSG="yes" + AC_CHECK_HEADER([selinux/selinux.h], , + AC_MSG_ERROR(SELinux support requires selinux.h header)) + AC_CHECK_LIB(selinux, setexeccon, [ LIBSELINUX="-lselinux" ], + AC_MSG_ERROR(SELinux support requires libselinux library)) + AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level) + fi ] +) +AC_SUBST(LIBSELINUX) + # Check whether user wants Kerberos 5 support KRB5_MSG="no" AC_ARG_WITH(kerberos5, @@ -3818,6 +3835,7 @@ fi echo " Manpage format: $MANTYPE" echo " PAM support: $PAM_MSG" echo " KerberosV support: $KRB5_MSG" +echo " SELinux support: $SELINUX_MSG" echo " Smartcard support: $SCARD_MSG" echo " S/KEY support: $SKEY_MSG" echo " TCP Wrappers support: $TCPW_MSG" diff --git a/contrib/redhat/sshd.init b/contrib/redhat/sshd.init index 4ee8630c3..e5d837cbc 100755 --- a/contrib/redhat/sshd.init +++ b/contrib/redhat/sshd.init @@ -35,6 +35,9 @@ do_rsa1_keygen() { if $KEYGEN -q -t rsa1 -f $RSA1_KEY -C '' -N '' >&/dev/null; then chmod 600 $RSA1_KEY chmod 644 $RSA1_KEY.pub + if [ -x /sbin/restorecon ]; then + /sbin/restorecon $RSA1_KEY.pub + fi success $"RSA1 key generation" echo else @@ -51,6 +54,9 @@ do_rsa_keygen() { if $KEYGEN -q -t rsa -f $RSA_KEY -C '' -N '' >&/dev/null; then chmod 600 $RSA_KEY chmod 644 $RSA_KEY.pub + if [ -x /sbin/restorecon ]; then + /sbin/restorecon $RSA_KEY.pub + fi success $"RSA key generation" echo else @@ -67,6 +73,9 @@ do_dsa_keygen() { if $KEYGEN -q -t dsa -f $DSA_KEY -C '' -N '' >&/dev/null; then chmod 600 $DSA_KEY chmod 644 $DSA_KEY.pub + if [ -x /sbin/restorecon ]; then + /sbin/restorecon $DSA_KEY.pub + fi success $"DSA key generation" echo else diff --git a/openbsd-compat/Makefile.in b/openbsd-compat/Makefile.in index f1a706241..67e521bfe 100644 --- a/openbsd-compat/Makefile.in +++ b/openbsd-compat/Makefile.in @@ -1,4 +1,4 @@ -# $Id: Makefile.in,v 1.38 2006/03/15 02:09:20 djm Exp $ +# $Id: Makefile.in,v 1.39 2006/04/22 11:26:08 djm Exp $ sysconfdir=@sysconfdir@ piddir=@piddir@ @@ -20,7 +20,7 @@ OPENBSD=base64.o basename.o bindresvport.o daemon.o dirname.o getcwd.o getgroupl COMPAT=bsd-arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-snprintf.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o -PORTS=port-irix.o port-aix.o port-uw.o port-tun.o +PORTS=port-irix.o port-linux.o port-aix.o port-uw.o port-tun.o .c.o: $(CC) $(CFLAGS) $(CPPFLAGS) -c $< diff --git a/openbsd-compat/openbsd-compat.h b/openbsd-compat/openbsd-compat.h index 432b183e7..eda9c49eb 100644 --- a/openbsd-compat/openbsd-compat.h +++ b/openbsd-compat/openbsd-compat.h @@ -1,4 +1,4 @@ -/* $Id: openbsd-compat.h,v 1.35 2006/03/15 11:25:55 dtucker Exp $ */ +/* $Id: openbsd-compat.h,v 1.36 2006/04/22 11:26:08 djm Exp $ */ /* * Copyright (c) 1999-2003 Damien Miller. All rights reserved. @@ -185,6 +185,7 @@ char *shadow_pw(struct passwd *pw); #include "bsd-cray.h" #include "bsd-cygwin_util.h" #include "port-irix.h" +#include "port-linux.h" #include "port-aix.h" #include "port-uw.h" #include "port-tun.h" diff --git a/openbsd-compat/port-linux.c b/openbsd-compat/port-linux.c new file mode 100644 index 000000000..54ec2910e --- /dev/null +++ b/openbsd-compat/port-linux.c @@ -0,0 +1,165 @@ +/* $Id: port-linux.c,v 1.1 2006/04/22 11:26:08 djm Exp $ */ + +/* + * Copyright (c) 2005 Daniel Walsh + * Copyright (c) 2006 Damien Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * Linux-specific portability code - just SELinux support at present + */ + +#include "includes.h" + +#ifdef WITH_SELINUX +#include "log.h" +#include "port-linux.h" + +#include +#include +#include + +/* Wrapper around is_selinux_enabled() to log its return value once only */ +static int +ssh_selinux_enabled(void) +{ + static int enabled = -1; + + if (enabled == -1) { + enabled = is_selinux_enabled(); + debug("SELinux support %s", enabled ? "enabled" : "disabled"); + } + + return (enabled); +} + +/* Return the default security context for the given username */ +static security_context_t +ssh_selinux_getctxbyname(char *pwname) +{ + security_context_t sc; + char *sename = NULL, *lvl = NULL; + int r; + +#ifdef HAVE_GETSEUSERBYNAME + if (getseuserbyname(pwname, &sename, &lvl) != 0) + return NULL; +#else + sename = pwname; + lvl = NULL; +#endif + +#ifdef HAVE_GET_DEFAULT_CONTEXT_WITH_LEVEL + r = get_default_context_with_level(sename, lvl, NULL, &sc); +#else + r = get_default_context(sename, NULL, &sc); +#endif + + if (r != 0) { + switch (security_getenforce()) { + case -1: + fatal("%s: ssh_selinux_getctxbyname: " + "security_getenforce() failed", __func__); + case 0: + error("%s: Failed to get default SELinux security " + "context for %s", __func__, pwname); + default: + fatal("%s: Failed to get default SELinux security " + "context for %s (in enforcing mode)", + __func__, pwname); + } + } + +#ifdef HAVE_GETSEUSERBYNAME + if (sename != NULL) + xfree(sename); + if (lvl != NULL) + xfree(lvl); +#endif + + return (sc); +} + +/* Set the execution context to the default for the specified user */ +void +ssh_selinux_setup_exec_context(char *pwname) +{ + security_context_t user_ctx = NULL; + + if (!ssh_selinux_enabled()) + return; + + debug3("%s: setting execution context", __func__); + + user_ctx = ssh_selinux_getctxbyname(pwname); + if (setexeccon(user_ctx) != 0) { + switch (security_getenforce()) { + case -1: + fatal("%s: security_getenforce() failed", __func__); + case 0: + error("%s: Failed to set SELinux execution " + "context for %s", __func__, pwname); + default: + fatal("%s: Failed to set SELinux execution context " + "for %s (in enforcing mode)", __func__, pwname); + } + } + if (user_ctx != NULL) + freecon(user_ctx); + + debug3("%s: done", __func__); +} + +/* Set the TTY context for the specified user */ +void +ssh_selinux_setup_pty(char *pwname, const char *tty) +{ + security_context_t new_tty_ctx = NULL; + security_context_t user_ctx = NULL; + security_context_t old_tty_ctx = NULL; + + if (!ssh_selinux_enabled()) + return; + + debug3("%s: setting TTY context on %s", __func__, tty); + + user_ctx = ssh_selinux_getctxbyname(pwname); + + /* XXX: should these calls fatal() upon failure in enforcing mode? */ + + if (getfilecon(tty, &old_tty_ctx) == -1) { + error("%s: getfilecon: %s", __func__, strerror(errno)); + goto out; + } + + if (security_compute_relabel(user_ctx, old_tty_ctx, + SECCLASS_CHR_FILE, &new_tty_ctx) != 0) { + error("%s: security_compute_relabel: %s", + __func__, strerror(errno)); + goto out; + } + + if (setfilecon(tty, new_tty_ctx) != 0) + error("%s: setfilecon: %s", __func__, strerror(errno)); + out: + if (new_tty_ctx != NULL) + freecon(new_tty_ctx); + if (old_tty_ctx != NULL) + freecon(old_tty_ctx); + if (user_ctx != NULL) + freecon(user_ctx); + debug3("%s: done", __func__); +} +#endif /* WITH_SELINUX */ diff --git a/openbsd-compat/port-linux.h b/openbsd-compat/port-linux.h new file mode 100644 index 000000000..05e520e1c --- /dev/null +++ b/openbsd-compat/port-linux.h @@ -0,0 +1,27 @@ +/* $Id: port-linux.h,v 1.1 2006/04/22 11:26:08 djm Exp $ */ + +/* + * Copyright (c) 2006 Damien Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#ifndef _PORT_LINUX_H +#define _PORT_LINUX_H + +#ifdef WITH_SELINUX +void ssh_selinux_setup_pty(char *, const char *); +void ssh_selinux_setup_exec_context(char *); +#endif + +#endif /* ! _PORT_LINUX_H */ diff --git a/session.c b/session.c index 8b837d07d..bba3fa21f 100644 --- a/session.c +++ b/session.c @@ -1352,6 +1352,10 @@ do_setusercontext(struct passwd *pw) #endif if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid) fatal("Failed to set uids to %u.", (u_int) pw->pw_uid); + +#ifdef WITH_SELINUX + ssh_selinux_setup_exec_context(pw->pw_name); +#endif } static void diff --git a/sshpty.c b/sshpty.c index a15df0414..0e49e9a16 100644 --- a/sshpty.c +++ b/sshpty.c @@ -210,6 +210,10 @@ pty_setowner(struct passwd *pw, const char *tty) fatal("stat(%.100s) failed: %.100s", tty, strerror(errno)); +#ifdef WITH_SELINUX + ssh_selinux_setup_pty(pw->pw_name, tty); +#endif + if (st.st_uid != pw->pw_uid || st.st_gid != gid) { if (chown(tty, pw->pw_uid, gid) < 0) { if (errno == EROFS && -- cgit v1.2.3 From 3eb4834489426bd796da90299b2f8174b744dddd Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 23 Jun 2006 21:05:12 +1000 Subject: - (dtucker) [README.platform configure.ac openbsd-compat/port-tun.c] Add tunnel support for Mac OS X/Darwin via a third-party tun driver. Patch from reyk@, tested by anil@ --- ChangeLog | 7 ++++++- INSTALL | 12 +++++++----- README.platform | 14 +++++++++++++- configure.ac | 10 ++++++++-- openbsd-compat/port-tun.c | 4 ++++ 5 files changed, 38 insertions(+), 9 deletions(-) (limited to 'configure.ac') diff --git a/ChangeLog b/ChangeLog index 30cd23659..327fec1d6 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ +20060623 + - (dtucker) [README.platform configure.ac openbsd-compat/port-tun.c] Add + tunnel support for Mac OS X/Darwin via a third-party tun driver. Patch + from reyk@, tested by anil@ + 20060613 - (djm) [getput.h] This file has been replaced by functions in misc.c - OpenBSD CVS Sync @@ -4685,4 +4690,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4344 2006/06/13 03:15:54 djm Exp $ +$Id: ChangeLog,v 1.4345 2006/06/23 11:05:12 dtucker Exp $ diff --git a/INSTALL b/INSTALL index 38f39473f..efc7b47d0 100644 --- a/INSTALL +++ b/INSTALL @@ -57,9 +57,10 @@ installed. No other S/Key library is currently known to be supported. http://www.sparc.spb.su/solaris/skey/ LibEdit: -sftp now supports command-line editing via NetBSD's libedit. If your -platform has it available natively you can use that, alternatively -you might try these multi-platform ports: + +sftp supports command-line editing via NetBSD's libedit. If your platform +has it available natively you can use that, alternatively you might try +these multi-platform ports: http://www.thrysoee.dk/editline/ http://sourceforge.net/projects/libedit/ @@ -210,7 +211,8 @@ for sshd, ssh and ssh-agent. ------------------------- $ make survey -[check the contents and make sure there's no sensitive information] +[check the contents of the file "survey" to ensure there's no information +that you consider sensitive] $ make send-survey This will send configuration information for the currently configured @@ -227,4 +229,4 @@ Please refer to the "reporting bugs" section of the webpage at http://www.openssh.com/ -$Id: INSTALL,v 1.71 2006/02/20 09:17:36 dtucker Exp $ +$Id: INSTALL,v 1.72 2006/06/23 11:05:13 dtucker Exp $ diff --git a/README.platform b/README.platform index 4c18a3278..b7dc3f91c 100644 --- a/README.platform +++ b/README.platform @@ -30,6 +30,18 @@ gcc, gcc-mingw-core, mingw-runtime, binutils, make, openssl, openssl-devel, zlib, minres, minires-devel. +Darwin and MacOS X +------------------ +Darwin does not provide a tun(4) driver required for OpenSSH-based +virtual private networks. The BSD manpage still exists, but the driver +has been removed in recent releases of Darwin and MacOS X. + +Nevertheless, tunnel support is known to work with Darwin 8 and +MacOS X 10.4 in Point-to-Point (Layer 3) and Ethernet (Layer 2) mode +using a third party driver. More information is available at: + http://www-user.rhrk.uni-kl.de/~nissler/tuntap/ + + Solaris ------- If you enable BSM auditing on Solaris, you need to update audit_event(4) @@ -55,4 +67,4 @@ account stacks which will prevent authentication entirely, but will still return the output from pam_nologin to the client. -$Id: README.platform,v 1.6 2005/11/05 05:28:35 dtucker Exp $ +$Id: README.platform,v 1.7 2006/06/23 11:05:13 dtucker Exp $ diff --git a/configure.ac b/configure.ac index 093c17643..c3cb68f28 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.339 2006/04/22 11:26:08 djm Exp $ +# $Id: configure.ac,v 1.340 2006/06/23 11:05:13 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.339 $) +AC_REVISION($Revision: 1.340 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -231,6 +231,11 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) AC_DEFINE(BROKEN_SETREGID) AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1, [Define if your resolver libs need this for getrrsetbyname]) + AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way]) + AC_DEFINE(SSH_TUN_COMPAT_AF, 1, + [Use tunnel device compatibility to OpenBSD]) + AC_DEFINE(SSH_TUN_PREPEND_AF, 1, + [Prepend the address family to IP tunnel traffic]) ;; *-*-hpux*) # first we define all of the options common to all HP-UX releases @@ -682,6 +687,7 @@ AC_CHECK_HEADERS( \ login.h \ maillock.h \ ndir.h \ + net/if_tun.h \ netdb.h \ netgroup.h \ pam/pam_appl.h \ diff --git a/openbsd-compat/port-tun.c b/openbsd-compat/port-tun.c index d09fe3d06..6e1fed969 100644 --- a/openbsd-compat/port-tun.c +++ b/openbsd-compat/port-tun.c @@ -29,6 +29,7 @@ * settings. * * SSH_TUN_LINUX Use the (newer) Linux tun/tap device + * SSH_TUN_FREEBSD Use the FreeBSD tun/tap device * SSH_TUN_COMPAT_AF Translate the OpenBSD address family * SSH_TUN_PREPEND_AF Prepend/remove the address family */ @@ -96,7 +97,10 @@ sys_tun_open(int tun, int mode) #ifdef SSH_TUN_FREEBSD #include #include + +#ifdef HAVE_NET_IF_TUN_H #include +#endif int sys_tun_open(int tun, int mode) -- cgit v1.2.3 From 9afe115f0ac738204d4edb66b9353a765826ae46 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 23 Jun 2006 21:24:12 +1000 Subject: - (dtucker) [channels.c configure.ac serverloop.c] Bug #1102: Around AIX 4.3.3 ML3 or so, the AIX pty layer starting passing zero-length writes on the pty slave as zero-length reads on the pty master, which sshd interprets as the descriptor closing. Since most things don't do zero length writes this rarely matters, but occasionally it happens, and when it does the SSH pty session appears to hang, so we add a special case for this condition. ok djm@ --- ChangeLog | 9 ++++++++- channels.c | 5 +++++ configure.ac | 5 +++-- serverloop.c | 10 ++++++++++ 4 files changed, 26 insertions(+), 3 deletions(-) (limited to 'configure.ac') diff --git a/ChangeLog b/ChangeLog index 327fec1d6..dfaa46795 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,6 +2,13 @@ - (dtucker) [README.platform configure.ac openbsd-compat/port-tun.c] Add tunnel support for Mac OS X/Darwin via a third-party tun driver. Patch from reyk@, tested by anil@ + - (dtucker) [channels.c configure.ac serverloop.c] Bug #1102: Around AIX + 4.3.3 ML3 or so, the AIX pty layer starting passing zero-length writes + on the pty slave as zero-length reads on the pty master, which sshd + interprets as the descriptor closing. Since most things don't do zero + length writes this rarely matters, but occasionally it happens, and when + it does the SSH pty session appears to hang, so we add a special case for + this condition. ok djm@ 20060613 - (djm) [getput.h] This file has been replaced by functions in misc.c @@ -4690,4 +4697,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4345 2006/06/23 11:05:12 dtucker Exp $ +$Id: ChangeLog,v 1.4346 2006/06/23 11:24:12 dtucker Exp $ diff --git a/channels.c b/channels.c index 2fa997edc..239e9dd83 100644 --- a/channels.c +++ b/channels.c @@ -1415,10 +1415,15 @@ channel_handle_rfd(Channel *c, fd_set *readset, fd_set *writeset) if (c->rfd != -1 && FD_ISSET(c->rfd, readset)) { + errno = 0; len = read(c->rfd, buf, sizeof(buf)); if (len < 0 && (errno == EINTR || errno == EAGAIN)) return 1; +#ifndef PTY_ZEROREAD if (len <= 0) { +#else + if (len < 0 || (len == 0 && errno != 0)) { +#endif debug2("channel %d: read<=0 rfd %d len %d", c->self, c->rfd, len); if (c->type != SSH_CHANNEL_OPEN) { diff --git a/configure.ac b/configure.ac index c3cb68f28..259b5c288 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.340 2006/06/23 11:05:13 dtucker Exp $ +# $Id: configure.ac,v 1.341 2006/06/23 11:24:13 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.340 $) +AC_REVISION($Revision: 1.341 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -190,6 +190,7 @@ case "$host" in supported by bsd-setproctitle.c]) AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1, [AIX 5.2 and 5.3 (and presumably newer) require this]) + AC_DEFINE(PTY_ZEROREAD, 1, [read(1) can return 0 for a non-closed fd]) ;; *-*-cygwin*) check_for_libcrypt_later=1 diff --git a/serverloop.c b/serverloop.c index 021ba68c0..c1eb28853 100644 --- a/serverloop.c +++ b/serverloop.c @@ -387,10 +387,15 @@ process_input(fd_set *readset) /* Read and buffer any available stdout data from the program. */ if (!fdout_eof && FD_ISSET(fdout, readset)) { + errno = 0; len = read(fdout, buf, sizeof(buf)); if (len < 0 && (errno == EINTR || errno == EAGAIN)) { /* do nothing */ +#ifdef PTY_ZEROREAD } else if (len <= 0) { +#else + } else if (len < 0 || (len == 0 && errno != 0)) { +#endif fdout_eof = 1; } else { buffer_append(&stdout_buffer, buf, len); @@ -399,10 +404,15 @@ process_input(fd_set *readset) } /* Read and buffer any available stderr data from the program. */ if (!fderr_eof && FD_ISSET(fderr, readset)) { + errno = 0; len = read(fderr, buf, sizeof(buf)); if (len < 0 && (errno == EINTR || errno == EAGAIN)) { /* do nothing */ +#ifdef PTY_ZEROREAD } else if (len <= 0) { +#else + } else if (len < 0 || (len == 0 && errno != 0)) { +#endif fderr_eof = 1; } else { buffer_append(&stderr_buffer, buf, len); -- cgit v1.2.3 From 0249f93c4d9c552cdcaf2dec7af1f2fc20fdcbaa Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sat, 24 Jun 2006 12:10:07 +1000 Subject: - (dtucker) [configure.ac] Bug #1193: Define PASSWD_NEEDS_USERNAME on Solaris. Works around limitation in Solaris' passwd program for changing passwords where the username is longer than 8 characters. ok djm@ --- ChangeLog | 7 ++++++- configure.ac | 6 ++++-- 2 files changed, 10 insertions(+), 3 deletions(-) (limited to 'configure.ac') diff --git a/ChangeLog b/ChangeLog index dfaa46795..b5635b423 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ +20060624 + - (dtucker) [configure.ac] Bug #1193: Define PASSWD_NEEDS_USERNAME on Solaris. + Works around limitation in Solaris' passwd program for changing passwords + where the username is longer than 8 characters. ok djm@ + 20060623 - (dtucker) [README.platform configure.ac openbsd-compat/port-tun.c] Add tunnel support for Mac OS X/Darwin via a third-party tun driver. Patch @@ -4697,4 +4702,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4346 2006/06/23 11:24:12 dtucker Exp $ +$Id: ChangeLog,v 1.4347 2006/06/24 02:10:07 dtucker Exp $ diff --git a/configure.ac b/configure.ac index 259b5c288..f6cd7bb95 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.341 2006/06/23 11:24:13 dtucker Exp $ +# $Id: configure.ac,v 1.342 2006/06/24 02:10:07 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.341 $) +AC_REVISION($Revision: 1.342 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -410,6 +410,8 @@ mips-sony-bsd|mips-sony-newsos4) AC_DEFINE(SSHD_ACQUIRES_CTTY, 1, [Define if sshd somehow reacquires a controlling TTY after setsid()]) + AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd + in case the name is longer than 8 chars]) external_path_file=/etc/default/login # hardwire lastlog location (can't detect it on some versions) conf_lastlog_location="/var/adm/lastlog" -- cgit v1.2.3 From 8b272ab09b722222cc4d6bb79fe6d7812c0b2f7f Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Tue, 27 Jun 2006 11:20:28 +1000 Subject: - (dtucker) [configure.ac] Bug #1203: Add missing '[', which causes problems with autoconf 2.60. Patch from vapier at gentoo.org. --- ChangeLog | 6 +++++- configure.ac | 5 +++-- 2 files changed, 8 insertions(+), 3 deletions(-) (limited to 'configure.ac') diff --git a/ChangeLog b/ChangeLog index 10ffed226..01fa36e83 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +20060627 + - (dtucker) [configure.ac] Bug #1203: Add missing '[', which causes problems + with autoconf 2.60. Patch from vapier at gentoo.org. + 20060625 - (dtucker) [channels.c serverloop.c] Apply the bug #1102 workaround to ptys only, otherwise sshd can hang exiting non-interactive sessions. @@ -4708,4 +4712,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4349 2006/06/24 22:25:25 dtucker Exp $ +$Id: ChangeLog,v 1.4350 2006/06/27 01:20:28 dtucker Exp $ diff --git a/configure.ac b/configure.ac index f6cd7bb95..3179ff3e7 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.342 2006/06/24 02:10:07 dtucker Exp $ +# $Id: configure.ac,v 1.343 2006/06/27 01:20:29 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.342 $) +AC_REVISION($Revision: 1.343 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -1623,6 +1623,7 @@ main(void) AC_MSG_RESULT(no) AC_DEFINE(BROKEN_GETADDRINFO) ], + [ AC_MSG_RESULT(cross-compiling, assuming no) ] ) -- cgit v1.2.3 From bdc121279f15b13b103c15555591f784886d0011 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Thu, 6 Jul 2006 11:56:25 +1000 Subject: - (dtucker) [configure.ac] Try AIX blibpath test in different order when compiling with gcc. gcc 4.1.x will accept (but ignore) -b flags so configure would not select the correct libpath linker flags. --- ChangeLog | 7 ++++++- configure.ac | 11 ++++++++--- 2 files changed, 14 insertions(+), 4 deletions(-) (limited to 'configure.ac') diff --git a/ChangeLog b/ChangeLog index 8f57ef9b6..e438b495f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ +20060706 + - (dtucker) [configure.ac] Try AIX blibpath test in different order when + compiling with gcc. gcc 4.1.x will accept (but ignore) -b flags so + configure would not select the correct libpath linker flags. + 20060705 - (dtucker) [ssh-rand-helper.c] Don't exit if mkdir fails because the target already exists. @@ -4724,4 +4729,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4356 2006/07/05 12:48:07 djm Exp $ +$Id: ChangeLog,v 1.4357 2006/07/06 01:56:25 dtucker Exp $ diff --git a/configure.ac b/configure.ac index 3179ff3e7..252e7a993 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.343 2006/06/27 01:20:29 dtucker Exp $ +# $Id: configure.ac,v 1.344 2006/07/06 01:56:25 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.343 $) +AC_REVISION($Revision: 1.344 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -135,7 +135,12 @@ case "$host" in blibpath="/usr/lib:/lib" fi saved_LDFLAGS="$LDFLAGS" - for tryflags in -blibpath: -Wl,-blibpath: -Wl,-rpath, ;do + if test "$GCC" = "yes"; then + flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:" + else + flags="-blibpath: -Wl,-blibpath: -Wl,-rpath," + fi + for tryflags in $flags ;do if (test -z "$blibflags"); then LDFLAGS="$saved_LDFLAGS $tryflags$blibpath" AC_TRY_LINK([], [], [blibflags=$tryflags]) -- cgit v1.2.3 From 44c828fe29e61126ae5ff9e71e1a76a55f5fa34b Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Tue, 11 Jul 2006 18:00:06 +1000 Subject: - (dtucker) [configure.ac ssh-keygen.c openbsd-compat/bsd-openpty.c openbsd-compat/daemon.c] Add includes needed by open(2). Conditionally include paths.h. Fixes build error on Solaris. --- ChangeLog | 7 ++++++- configure.ac | 5 +++-- openbsd-compat/bsd-openpty.c | 10 ++++++++++ openbsd-compat/daemon.c | 10 ++++++++++ 4 files changed, 29 insertions(+), 3 deletions(-) (limited to 'configure.ac') diff --git a/ChangeLog b/ChangeLog index 6c4cf92c0..9ca297bf6 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ +20060711 + - (dtucker) [configure.ac ssh-keygen.c openbsd-compat/bsd-openpty.c + openbsd-compat/daemon.c] Add includes needed by open(2). Conditionally + include paths.h. Fixes build error on Solaris. + 20060710 - (dtucker) [INSTALL] New autoconf version: 2.60. - OpenBSD CVS Sync @@ -4839,4 +4844,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4385 2006/07/10 14:20:51 dtucker Exp $ +$Id: ChangeLog,v 1.4386 2006/07/11 08:00:06 dtucker Exp $ diff --git a/configure.ac b/configure.ac index 252e7a993..c6d56bf4a 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.344 2006/07/06 01:56:25 dtucker Exp $ +# $Id: configure.ac,v 1.345 2006/07/11 08:00:06 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.344 $) +AC_REVISION($Revision: 1.345 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -686,6 +686,7 @@ AC_CHECK_HEADERS( \ dirent.h \ endian.h \ features.h \ + fcntl.h \ floatingpoint.h \ getopt.h \ glob.h \ diff --git a/openbsd-compat/bsd-openpty.c b/openbsd-compat/bsd-openpty.c index 28929de67..0b77a1da9 100644 --- a/openbsd-compat/bsd-openpty.c +++ b/openbsd-compat/bsd-openpty.c @@ -35,6 +35,16 @@ #include "includes.h" #if !defined(HAVE_OPENPTY) +#include + +#ifdef HAVE_SYS_STAT_H +# include +#endif + +#ifdef HAVE_FCNTL_H +# include +#endif + #ifdef HAVE_UTIL_H # include #endif /* HAVE_UTIL_H */ diff --git a/openbsd-compat/daemon.c b/openbsd-compat/daemon.c index f8a0680bf..f380139d3 100644 --- a/openbsd-compat/daemon.c +++ b/openbsd-compat/daemon.c @@ -34,6 +34,16 @@ #ifndef HAVE_DAEMON +#include + +#ifdef HAVE_SYS_STAT_H +# include +#endif + +#ifdef HAVE_FCNTL_H +# include +#endif + int daemon(int nochdir, int noclose) { -- cgit v1.2.3 From 248469bc8d6c001596fdd3a83c1ffc63ae466e5b Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Wed, 12 Jul 2006 14:14:31 +1000 Subject: - (dtucker) [configure.ac defines.h] Only define SHUT_RD (and friends) and O_NONBLOCK if they're really needed. Fixes build errors on HP-UX, old Linuxes and probably more. --- ChangeLog | 7 ++++++- configure.ac | 17 +++++++++++++++-- defines.h | 8 ++++---- 3 files changed, 25 insertions(+), 7 deletions(-) (limited to 'configure.ac') diff --git a/ChangeLog b/ChangeLog index 78a23fe4f..b2c8cda3a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ +20060712 + - (dtucker) [configure.ac defines.h] Only define SHUT_RD (and friends) and O_NONBLOCK + if they're really needed. Fixes build errors on HP-UX, old Linuxes and probably + more. + 20060711 - (dtucker) [configure.ac ssh-keygen.c openbsd-compat/bsd-openpty.c openbsd-compat/daemon.c] Add includes needed by open(2). Conditionally @@ -4846,4 +4851,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4387 2006/07/11 09:01:51 dtucker Exp $ +$Id: ChangeLog,v 1.4388 2006/07/12 04:14:31 dtucker Exp $ diff --git a/configure.ac b/configure.ac index c6d56bf4a..19446b3bd 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.345 2006/07/11 08:00:06 dtucker Exp $ +# $Id: configure.ac,v 1.346 2006/07/12 04:14:31 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.345 $) +AC_REVISION($Revision: 1.346 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -1285,6 +1285,19 @@ AC_CHECK_DECL(tcsendbreak, AC_CHECK_DECLS(h_errno, , ,[#include ]) +AC_CHECK_DECLS(SHUT_RD, , ,[#include ]) + +AC_CHECK_DECLS(O_NONBLOCK, , , + [ +#include +#ifdef HAVE_SYS_STAT_H +# include +#endif +#ifdef HAVE_FCNTL_H +# include +#endif + ]) + AC_CHECK_FUNCS(setresuid, [ dnl Some platorms have setresuid that isn't implemented, test for this AC_MSG_CHECKING(if setresuid seems to work) diff --git a/defines.h b/defines.h index f2fdd3cad..4dccc9172 100644 --- a/defines.h +++ b/defines.h @@ -25,12 +25,12 @@ #ifndef _DEFINES_H #define _DEFINES_H -/* $Id: defines.h,v 1.132 2006/05/15 07:17:30 dtucker Exp $ */ +/* $Id: defines.h,v 1.133 2006/07/12 04:14:31 dtucker Exp $ */ /* Constants */ -#ifndef SHUT_RDWR +#if defined(HAVE_DECL_SHUT_RD) && HAVE_DECL_SHUT_RD == 0 enum { SHUT_RD = 0, /* No more receptions. */ @@ -90,8 +90,8 @@ enum #endif #endif -#ifndef O_NONBLOCK /* Non Blocking Open */ -# define O_NONBLOCK 00004 +#if defined(HAVE_DECL_O_NONBLOCK) && HAVE_DECL_O_NONBLOCK == 0 +# define O_NONBLOCK 00004 /* Non Blocking Open */ #endif #ifndef S_ISDIR -- cgit v1.2.3 From 128a0894a5ec604572f2acc34f016f8f144b9780 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Wed, 12 Jul 2006 19:02:56 +1000 Subject: - (dtucker) [configure.ac] OpenBSD needs before for SHUT_RD. --- ChangeLog | 4 +++- configure.ac | 10 +++++++--- 2 files changed, 10 insertions(+), 4 deletions(-) (limited to 'configure.ac') diff --git a/ChangeLog b/ChangeLog index 7e8392a43..1f11e32bc 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,6 +2,8 @@ - (dtucker) [configure.ac defines.h] Only define SHUT_RD (and friends) and O_NONBLOCK if they're really needed. Fixes build errors on HP-UX, old Linuxes and probably more. + - (dtucker) [configure.ac] OpenBSD needs before + for SHUT_RD. 20060711 - (dtucker) [configure.ac ssh-keygen.c openbsd-compat/bsd-openpty.c @@ -4851,4 +4853,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4389 2006/07/12 09:01:29 dtucker Exp $ +$Id: ChangeLog,v 1.4390 2006/07/12 09:02:56 dtucker Exp $ diff --git a/configure.ac b/configure.ac index 19446b3bd..3373dadc7 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.346 2006/07/12 04:14:31 dtucker Exp $ +# $Id: configure.ac,v 1.347 2006/07/12 09:02:57 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.346 $) +AC_REVISION($Revision: 1.347 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -1285,7 +1285,11 @@ AC_CHECK_DECL(tcsendbreak, AC_CHECK_DECLS(h_errno, , ,[#include ]) -AC_CHECK_DECLS(SHUT_RD, , ,[#include ]) +AC_CHECK_DECLS(SHUT_RD, , , + [ +#include +#include + ]) AC_CHECK_DECLS(O_NONBLOCK, , , [ -- cgit v1.2.3 From f1f4bdd1aaec7d4d0f0fa787a7b6d16906ca34fa Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 4 Aug 2006 19:44:23 +1000 Subject: - (dtucker) [configure.ac] The "crippled AES" test does not work on recent versions of Solaris, so use AC_LINK_IFELSE to actually link the test program rather than just compiling it. Spotted by dlg@. --- ChangeLog | 7 ++++++- configure.ac | 6 +++--- 2 files changed, 9 insertions(+), 4 deletions(-) (limited to 'configure.ac') diff --git a/ChangeLog b/ChangeLog index 128057cbf..d3077fbda 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ +20060804 + - (dtucker) [configure.ac] The "crippled AES" test does not work on recent + versions of Solaris, so use AC_LINK_IFELSE to actually link the test program + rather than just compiling it. Spotted by dlg@. + 20060802 - (dtucker) [openbsd-compat/daemon.c] Add unistd.h for fork() prototype. @@ -5062,4 +5067,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4440 2006/08/02 13:33:54 dtucker Exp $ +$Id: ChangeLog,v 1.4441 2006/08/04 09:44:23 dtucker Exp $ diff --git a/configure.ac b/configure.ac index 3373dadc7..31dac052e 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.347 2006/07/12 09:02:57 dtucker Exp $ +# $Id: configure.ac,v 1.348 2006/08/04 09:44:23 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.347 $) +AC_REVISION($Revision: 1.348 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -1892,7 +1892,7 @@ int main(void){ENGINE_load_builtin_engines();ENGINE_register_all_complete();} # Check for OpenSSL without EVP_aes_{192,256}_cbc AC_MSG_CHECKING([whether OpenSSL has crippled AES support]) -AC_COMPILE_IFELSE( +AC_LINK_IFELSE( [AC_LANG_SOURCE([[ #include #include -- cgit v1.2.3 From 3083bc2b52fe00b5c5fe87dd3638969835dab0e8 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Thu, 17 Aug 2006 19:35:49 +1000 Subject: - (dtucker) [configure.ac openbsd-compat/bsd-closefrom.c] Use F_CLOSEM fcntl for closefrom() on AIX. Pointed out by William Ahern. --- ChangeLog | 4 +++- configure.ac | 10 ++++++++-- openbsd-compat/bsd-closefrom.c | 7 +++++++ 3 files changed, 18 insertions(+), 3 deletions(-) (limited to 'configure.ac') diff --git a/ChangeLog b/ChangeLog index 911fd3716..3f253c021 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,8 @@ 20060817 - (dtucker) [openbsd-compat/fake-rfc2553.c openbsd-compat/setproctitle.c] Include stdlib.h for malloc and friends. + - (dtucker) [configure.ac openbsd-compat/bsd-closefrom.c] Use F_CLOSEM fcntl + for closefrom() on AIX. Pointed out by William Ahern. 20060816 - (djm) [audit-bsm.c] Sprinkle in some headers @@ -5214,4 +5216,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4480 2006/08/17 08:55:27 dtucker Exp $ +$Id: ChangeLog,v 1.4481 2006/08/17 09:35:49 dtucker Exp $ diff --git a/configure.ac b/configure.ac index 31dac052e..7a296ae8b 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.348 2006/08/04 09:44:23 dtucker Exp $ +# $Id: configure.ac,v 1.349 2006/08/17 09:35:49 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.348 $) +AC_REVISION($Revision: 1.349 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -180,6 +180,12 @@ case "$host" in [#include ] ) AC_CHECK_FUNCS(setauthdb) + AC_CHECK_DECL(F_CLOSEM, + AC_DEFINE(USE_FCNTL_CLOSEM, 1, [Use F_CLOSEM fcntl for closefrom]), + [], + [ #include + #include ] + ) check_for_aix_broken_getaddrinfo=1 AC_DEFINE(BROKEN_REALPATH, 1, [Define if you have a broken realpath.]) AC_DEFINE(SETEUID_BREAKS_SETUID, 1, diff --git a/openbsd-compat/bsd-closefrom.c b/openbsd-compat/bsd-closefrom.c index 3f17302d1..e7a521e43 100644 --- a/openbsd-compat/bsd-closefrom.c +++ b/openbsd-compat/bsd-closefrom.c @@ -22,6 +22,9 @@ #include #include #include +#ifdef HAVE_FCNTL_H +# include +#endif #include #include #include @@ -76,6 +79,10 @@ closefrom(int lowfd) } (void) closedir(dirp); } else +#elif defined(USE_FCNTL_CLOSEM) + if (fcntl(lowfd, F_CLOSEM, 0) != -1) { + return; + } else #endif { /* -- cgit v1.2.3 From d018b2e9c88f6669c68f3343dbbf53e6084e8ff7 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 18 Aug 2006 18:51:20 +1000 Subject: - (dtucker) [configure.ac openbsd-compat/bsd-closefrom.c] Resync with closefrom.c from sudo. --- ChangeLog | 6 +++++- configure.ac | 6 +++--- openbsd-compat/bsd-closefrom.c | 20 +++++++++++--------- 3 files changed, 19 insertions(+), 13 deletions(-) (limited to 'configure.ac') diff --git a/ChangeLog b/ChangeLog index 1f37e7477..599e7eca1 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +20060818 + - (dtucker) [configure.ac openbsd-compat/bsd-closefrom.c] Resync with + closefrom.c from sudo. + 20060817 - (dtucker) [openbsd-compat/fake-rfc2553.c openbsd-compat/setproctitle.c] Include stdlib.h for malloc and friends. @@ -5218,4 +5222,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4482 2006/08/17 09:40:35 dtucker Exp $ +$Id: ChangeLog,v 1.4483 2006/08/18 08:51:20 dtucker Exp $ diff --git a/configure.ac b/configure.ac index 7a296ae8b..f8e6cd4ce 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.349 2006/08/17 09:35:49 dtucker Exp $ +# $Id: configure.ac,v 1.350 2006/08/18 08:51:20 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.349 $) +AC_REVISION($Revision: 1.350 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -181,7 +181,7 @@ case "$host" in ) AC_CHECK_FUNCS(setauthdb) AC_CHECK_DECL(F_CLOSEM, - AC_DEFINE(USE_FCNTL_CLOSEM, 1, [Use F_CLOSEM fcntl for closefrom]), + AC_DEFINE(HAVE_FCNTL_CLOSEM, 1, [Use F_CLOSEM fcntl for closefrom]), [], [ #include #include ] diff --git a/openbsd-compat/bsd-closefrom.c b/openbsd-compat/bsd-closefrom.c index e7a521e43..4b72920d6 100644 --- a/openbsd-compat/bsd-closefrom.c +++ b/openbsd-compat/bsd-closefrom.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2004 Todd C. Miller + * Copyright (c) 2004-2005 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -52,12 +52,19 @@ #endif #ifndef lint -static const char sudorcsid[] = "$Sudo: closefrom.c,v 1.6 2004/06/01 20:51:56 millert Exp $"; +__unused static const char rcsid[] = "$Sudo: closefrom.c,v 1.11 2006/08/17 15:26:54 millert Exp $"; #endif /* lint */ /* * Close all file descriptors greater than or equal to lowfd. */ +#ifdef HAVE_FCNTL_CLOSEM +void +closefrom(int lowfd) +{ + (void) fcntl(lowfd, F_CLOSEM, 0); +} +#else void closefrom(int lowfd) { @@ -70,7 +77,7 @@ closefrom(int lowfd) /* Check for a /proc/$$/fd directory. */ len = snprintf(fdpath, sizeof(fdpath), "/proc/%ld/fd", (long)getpid()); - if (len >= 0 && (u_int)len <= sizeof(fdpath) && (dirp = opendir(fdpath))) { + if (len > 0 && (size_t)len <= sizeof(fdpath) && (dirp = opendir(fdpath))) { while ((dent = readdir(dirp)) != NULL) { fd = strtol(dent->d_name, &endp, 10); if (dent->d_name != endp && *endp == '\0' && @@ -79,10 +86,6 @@ closefrom(int lowfd) } (void) closedir(dirp); } else -#elif defined(USE_FCNTL_CLOSEM) - if (fcntl(lowfd, F_CLOSEM, 0) != -1) { - return; - } else #endif { /* @@ -102,6 +105,5 @@ closefrom(int lowfd) (void) close((int) fd); } } - +#endif /* !HAVE_FCNTL_CLOSEM */ #endif /* HAVE_CLOSEFROM */ - -- cgit v1.2.3 From bb59814cd644f78e82df07d820ed00fa7a25e68a Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sat, 19 Aug 2006 08:38:23 +1000 Subject: - (djm) Disable sigdie() for platforms that cannot safely syslog inside a signal handler (basically all of them, excepting OpenBSD); ok dtucker@ --- ChangeLog | 5 ++++- configure.ac | 6 ++++-- defines.h | 7 ++++++- log.c | 2 ++ 4 files changed, 16 insertions(+), 4 deletions(-) (limited to 'configure.ac') diff --git a/ChangeLog b/ChangeLog index 4f31df3ba..d813c1fc1 100644 --- a/ChangeLog +++ b/ChangeLog @@ -42,6 +42,9 @@ [gss-genr.c ssh-gss.h] constify host argument to match the rest of the GSSAPI functions and unbreak compilation with -Werror + - (djm) Disable sigdie() for platforms that cannot safely syslog inside + a signal handler (basically all of them, excepting OpenBSD); + ok dtucker@ 20060817 - (dtucker) [openbsd-compat/fake-rfc2553.c openbsd-compat/setproctitle.c] @@ -5263,4 +5266,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4495 2006/08/18 14:46:43 djm Exp $ +$Id: ChangeLog,v 1.4496 2006/08/18 22:38:23 djm Exp $ diff --git a/configure.ac b/configure.ac index f8e6cd4ce..9d30bff61 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.350 2006/08/18 08:51:20 dtucker Exp $ +# $Id: configure.ac,v 1.351 2006/08/18 22:38:23 djm Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.350 $) +AC_REVISION($Revision: 1.351 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -402,6 +402,8 @@ mips-sony-bsd|mips-sony-newsos4) AC_DEFINE(HAVE_ATTRIBUTE__SENTINEL__, 1, [OpenBSD's gcc has sentinel]) AC_DEFINE(HAVE_ATTRIBUTE__BOUNDED__, 1, [OpenBSD's gcc has bounded]) AC_DEFINE(SSH_TUN_OPENBSD, 1, [Open tunnel devices the OpenBSD way]) + AC_DEFINE(SYSLOG_R_SAFE_IN_SIGHAND, 1, + [syslog_r function is safe to use in in a signal handler]) ;; *-*-solaris*) if test "x$withval" != "xno" ; then diff --git a/defines.h b/defines.h index fdc43cd92..6b395f806 100644 --- a/defines.h +++ b/defines.h @@ -25,7 +25,7 @@ #ifndef _DEFINES_H #define _DEFINES_H -/* $Id: defines.h,v 1.136 2006/08/06 11:23:28 dtucker Exp $ */ +/* $Id: defines.h,v 1.137 2006/08/18 22:38:24 djm Exp $ */ /* Constants */ @@ -542,6 +542,11 @@ struct winsize { # undef HAVE_UPDWTMPX #endif +#if defined(HAVE_OPENLOG_R) && defined(SYSLOG_DATA_INIT) && \ + defined(SYSLOG_R_SAFE_IN_SIGHAND) +# define DO_LOG_SAFE_IN_SIGHAND +#endif + #if !defined(HAVE_MEMMOVE) && defined(HAVE_BCOPY) # define memmove(s1, s2, n) bcopy((s2), (s1), (n)) #endif /* !defined(HAVE_MEMMOVE) && defined(HAVE_BCOPY) */ diff --git a/log.c b/log.c index 32db0cb5f..0ce4d85f7 100644 --- a/log.c +++ b/log.c @@ -142,9 +142,11 @@ sigdie(const char *fmt,...) { va_list args; +#ifdef DO_LOG_SAFE_IN_SIGHAND va_start(args, fmt); do_log(SYSLOG_LEVEL_FATAL, fmt, args); va_end(args); +#endif _exit(1); } -- cgit v1.2.3 From 4ba387337cde36071917ea1c8f0277653a6670fc Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sun, 20 Aug 2006 19:55:02 +1000 Subject: - (dtucker) [configure.ac] Save $LIBS during PAM library tests and restore afterward. Removes the need to mangle $LIBS later to remove -lpam and -ldl. --- ChangeLog | 4 +++- configure.ac | 14 ++++---------- 2 files changed, 7 insertions(+), 11 deletions(-) (limited to 'configure.ac') diff --git a/ChangeLog b/ChangeLog index 206efa7e9..84c0bd419 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,7 @@ 20060820 - (dtucker) [log.c] Move ifdef to prevent unused variable warning. + - (dtucker) [configure.ac] Save $LIBS during PAM library tests and restore + afterward. Removes the need to mangle $LIBS later to remove -lpam and -ldl. 20060819 - (djm) OpenBSD CVS Sync @@ -5277,4 +5279,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4499 2006/08/20 07:55:54 dtucker Exp $ +$Id: ChangeLog,v 1.4500 2006/08/20 09:55:02 dtucker Exp $ diff --git a/configure.ac b/configure.ac index 9d30bff61..17de2173a 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.351 2006/08/18 22:38:23 djm Exp $ +# $Id: configure.ac,v 1.352 2006/08/20 09:55:02 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.351 $) +AC_REVISION($Revision: 1.352 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -1691,10 +1691,12 @@ AC_ARG_WITH(pam, AC_MSG_ERROR([PAM headers not found]) fi + saved_LIBS="$LIBS" AC_CHECK_LIB(dl, dlopen, , ) AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing])) AC_CHECK_FUNCS(pam_getenvlist) AC_CHECK_FUNCS(pam_putenv) + LIBS="$saved_LIBS" PAM_MSG="yes" @@ -3820,14 +3822,6 @@ if test ! -z "$blibpath" ; then AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile]) fi -dnl remove pam and dl because they are in $LIBPAM -if test "$PAM_MSG" = yes ; then - LIBS=`echo $LIBS | sed 's/-lpam //'` -fi -if test "$ac_cv_lib_pam_pam_set_item" = yes ; then - LIBS=`echo $LIBS | sed 's/-ldl //'` -fi - dnl Adding -Werror to CFLAGS early prevents configure tests from running. dnl Add now. CFLAGS="$CFLAGS $werror_flags" -- cgit v1.2.3 From 3e6bde483de0de7ec38f131ee2639e52c828bec8 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sun, 20 Aug 2006 20:03:50 +1000 Subject: - (dtucker) [configure.ac] Relocate --with-pam parts in preparation for fixing bug #1181. No changes yet. --- ChangeLog | 4 +- configure.ac | 117 +++++++++++++++++++++++++++++------------------------------ 2 files changed, 61 insertions(+), 60 deletions(-) (limited to 'configure.ac') diff --git a/ChangeLog b/ChangeLog index 84c0bd419..dc43a0544 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,6 +2,8 @@ - (dtucker) [log.c] Move ifdef to prevent unused variable warning. - (dtucker) [configure.ac] Save $LIBS during PAM library tests and restore afterward. Removes the need to mangle $LIBS later to remove -lpam and -ldl. + - (dtucker) [configure.ac] Relocate --with-pam parts in preparation for + fixing bug #1181. No changes yet. 20060819 - (djm) OpenBSD CVS Sync @@ -5279,4 +5281,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4500 2006/08/20 09:55:02 dtucker Exp $ +$Id: ChangeLog,v 1.4501 2006/08/20 10:03:50 dtucker Exp $ diff --git a/configure.ac b/configure.ac index 17de2173a..a3eec9520 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.352 2006/08/20 09:55:02 dtucker Exp $ +# $Id: configure.ac,v 1.353 2006/08/20 10:03:50 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.352 $) +AC_REVISION($Revision: 1.353 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -1680,63 +1680,6 @@ fi AC_FUNC_GETPGRP -# Check for PAM libs -PAM_MSG="no" -AC_ARG_WITH(pam, - [ --with-pam Enable PAM support ], - [ - if test "x$withval" != "xno" ; then - if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \ - test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then - AC_MSG_ERROR([PAM headers not found]) - fi - - saved_LIBS="$LIBS" - AC_CHECK_LIB(dl, dlopen, , ) - AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing])) - AC_CHECK_FUNCS(pam_getenvlist) - AC_CHECK_FUNCS(pam_putenv) - LIBS="$saved_LIBS" - - PAM_MSG="yes" - - AC_DEFINE(USE_PAM, 1, - [Define if you want to enable PAM support]) - if test $ac_cv_lib_dl_dlopen = yes; then - LIBPAM="-lpam -ldl" - else - LIBPAM="-lpam" - fi - AC_SUBST(LIBPAM) - fi - ] -) - -# Check for older PAM -if test "x$PAM_MSG" = "xyes" ; then - # Check PAM strerror arguments (old PAM) - AC_MSG_CHECKING([whether pam_strerror takes only one argument]) - AC_TRY_COMPILE( - [ -#include -#if defined(HAVE_SECURITY_PAM_APPL_H) -#include -#elif defined (HAVE_PAM_PAM_APPL_H) -#include -#endif - ], - [(void)pam_strerror((pam_handle_t *)NULL, -1);], - [AC_MSG_RESULT(no)], - [ - AC_DEFINE(HAVE_OLD_PAM, 1, - [Define if you have an old version of PAM - which takes only one argument to pam_strerror]) - AC_MSG_RESULT(yes) - PAM_MSG="yes (old library)" - ] - ) -fi - # Search for OpenSSL saved_CPPFLAGS="$CPPFLAGS" saved_LDFLAGS="$LDFLAGS" @@ -1963,6 +1906,62 @@ int main(void) { exit(RAND_status() == 1 ? 0 : 1); } ] ) +# Check for PAM libs +PAM_MSG="no" +AC_ARG_WITH(pam, + [ --with-pam Enable PAM support ], + [ + if test "x$withval" != "xno" ; then + if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \ + test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then + AC_MSG_ERROR([PAM headers not found]) + fi + + saved_LIBS="$LIBS" + AC_CHECK_LIB(dl, dlopen, , ) + AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing])) + AC_CHECK_FUNCS(pam_getenvlist) + AC_CHECK_FUNCS(pam_putenv) + LIBS="$saved_LIBS" + + PAM_MSG="yes" + + AC_DEFINE(USE_PAM, 1, + [Define if you want to enable PAM support]) + if test $ac_cv_lib_dl_dlopen = yes; then + LIBPAM="-lpam -ldl" + else + LIBPAM="-lpam" + fi + AC_SUBST(LIBPAM) + fi + ] +) + +# Check for older PAM +if test "x$PAM_MSG" = "xyes" ; then + # Check PAM strerror arguments (old PAM) + AC_MSG_CHECKING([whether pam_strerror takes only one argument]) + AC_TRY_COMPILE( + [ +#include +#if defined(HAVE_SECURITY_PAM_APPL_H) +#include +#elif defined (HAVE_PAM_PAM_APPL_H) +#include +#endif + ], + [(void)pam_strerror((pam_handle_t *)NULL, -1);], + [AC_MSG_RESULT(no)], + [ + AC_DEFINE(HAVE_OLD_PAM, 1, + [Define if you have an old version of PAM + which takes only one argument to pam_strerror]) + AC_MSG_RESULT(yes) + PAM_MSG="yes (old library)" + ] + ) +fi # Do we want to force the use of the rand helper? AC_ARG_WITH(rand-helper, -- cgit v1.2.3 From 639bbe8bfe3d5038c279c97699de06cb0f120458 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sun, 20 Aug 2006 20:17:53 +1000 Subject: - (dtucker) [configure.ac] Bug #1181: Explicitly test to see if OpenSSL (0.9.8a and presumably newer) requires -ldl to successfully link. --- ChangeLog | 4 +++- configure.ac | 47 ++++++++++++++++++++++++++++++++++++++++++----- 2 files changed, 45 insertions(+), 6 deletions(-) (limited to 'configure.ac') diff --git a/ChangeLog b/ChangeLog index dc43a0544..62adc612b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -4,6 +4,8 @@ afterward. Removes the need to mangle $LIBS later to remove -lpam and -ldl. - (dtucker) [configure.ac] Relocate --with-pam parts in preparation for fixing bug #1181. No changes yet. + - (dtucker) [configure.ac] Bug #1181: Explicitly test to see if OpenSSL + (0.9.8a and presumably newer) requires -ldl to successfully link. 20060819 - (djm) OpenBSD CVS Sync @@ -5281,4 +5283,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4501 2006/08/20 10:03:50 dtucker Exp $ +$Id: ChangeLog,v 1.4502 2006/08/20 10:17:53 dtucker Exp $ diff --git a/configure.ac b/configure.ac index a3eec9520..b2939eeed 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.353 2006/08/20 10:03:50 dtucker Exp $ +# $Id: configure.ac,v 1.354 2006/08/20 10:17:53 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.353 $) +AC_REVISION($Revision: 1.354 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -1825,6 +1825,36 @@ Also see contrib/findssl.sh for help identifying header/library mismatches.]) ] ) +AC_MSG_CHECKING([if programs using OpenSSL functions will link]) +AC_LINK_IFELSE( + [AC_LANG_SOURCE([[ +#include +int main(void) { SSLeay_add_all_algorithms(); } + ]])], + [ + AC_MSG_RESULT(yes) + ], + [ + AC_MSG_RESULT(no) + saved_LIBS="$LIBS" + LIBS="$LIBS -ldl" + AC_MSG_CHECKING([if programs using OpenSSL need -ldl]) + AC_LINK_IFELSE( + [AC_LANG_SOURCE([[ +#include +int main(void) { SSLeay_add_all_algorithms(); } + ]])], + [ + AC_MSG_RESULT(yes) + ], + [ + AC_MSG_RESULT(no) + LIBS="$saved_LIBS" + ] + ) + ] +) + AC_ARG_WITH(ssl-engine, [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ], [ if test "x$withval" != "xno" ; then @@ -1926,12 +1956,19 @@ AC_ARG_WITH(pam, PAM_MSG="yes" + LIBPAM="-lpam" AC_DEFINE(USE_PAM, 1, [Define if you want to enable PAM support]) + if test $ac_cv_lib_dl_dlopen = yes; then - LIBPAM="-lpam -ldl" - else - LIBPAM="-lpam" + case "$LIBS" in + *-ldl*) + # libdl already in LIBS + ;; + *) + LIBPAM="-$LIBPAM -ldl" + ;; + esac fi AC_SUBST(LIBPAM) fi -- cgit v1.2.3 From 0eb810015f9ba94ac04464fc6a714b17e604acbc Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sun, 20 Aug 2006 21:43:19 +1000 Subject: - (dtucker) [configure.ac] Remove errant "-". --- ChangeLog | 3 ++- configure.ac | 6 +++--- 2 files changed, 5 insertions(+), 4 deletions(-) (limited to 'configure.ac') diff --git a/ChangeLog b/ChangeLog index 62adc612b..d7bf2d9d3 100644 --- a/ChangeLog +++ b/ChangeLog @@ -6,6 +6,7 @@ fixing bug #1181. No changes yet. - (dtucker) [configure.ac] Bug #1181: Explicitly test to see if OpenSSL (0.9.8a and presumably newer) requires -ldl to successfully link. + - (dtucker) [configure.ac] Remove errant "-". 20060819 - (djm) OpenBSD CVS Sync @@ -5283,4 +5284,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4502 2006/08/20 10:17:53 dtucker Exp $ +$Id: ChangeLog,v 1.4503 2006/08/20 11:43:19 dtucker Exp $ diff --git a/configure.ac b/configure.ac index b2939eeed..90cfbea9a 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.354 2006/08/20 10:17:53 dtucker Exp $ +# $Id: configure.ac,v 1.355 2006/08/20 11:43:19 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.354 $) +AC_REVISION($Revision: 1.355 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -1966,7 +1966,7 @@ AC_ARG_WITH(pam, # libdl already in LIBS ;; *) - LIBPAM="-$LIBPAM -ldl" + LIBPAM="$LIBPAM -ldl" ;; esac fi -- cgit v1.2.3 From 1b06dc30ad4692ec76c476d130ba7366f7ebfef2 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Thu, 31 Aug 2006 03:24:41 +1000 Subject: - (djm) [CREDITS LICENCE Makefile.in auth.c configure.ac includes.h ] [platform.c platform.h sshd.c openbsd-compat/Makefile.in] [openbsd-compat/openbsd-compat.h openbsd-compat/port-solaris.c] [openbsd-compat/port-solaris.h] Add support for Solaris process contracts, enabled with --use-solaris-contracts. Patch from Chad Mynhier, tweaked by dtucker@ and myself; ok dtucker@ --- CREDITS | 3 +- ChangeLog | 10 ++- LICENCE | 1 + Makefile.in | 7 +- configure.ac | 22 ++++- includes.h | 1 + openbsd-compat/Makefile.in | 4 +- openbsd-compat/openbsd-compat.h | 8 +- openbsd-compat/port-solaris.c | 189 ++++++++++++++++++++++++++++++++++++++++ openbsd-compat/port-solaris.h | 27 ++++++ platform.c | 46 ++++++++++ platform.h | 23 +++++ sshd.c | 3 + 13 files changed, 332 insertions(+), 12 deletions(-) create mode 100644 openbsd-compat/port-solaris.c create mode 100644 openbsd-compat/port-solaris.h create mode 100644 platform.c create mode 100644 platform.h (limited to 'configure.ac') diff --git a/CREDITS b/CREDITS index 82b9f2210..eaf105a91 100644 --- a/CREDITS +++ b/CREDITS @@ -25,6 +25,7 @@ Chris, the Young One - Password auth fixes Christos Zoulas - Autoconf fixes Chun-Chung Chen - RPM fixes Corinna Vinschen - Cygwin support +Chad Mynhier - Solaris Process Contract support Dan Brosemer - Autoconf support, build fixes Darren Hall - AIX patches Darren Tucker - AIX BFF package scripts @@ -100,5 +101,5 @@ Apologies to anyone I have missed. Damien Miller -$Id: CREDITS,v 1.80 2005/08/26 20:15:20 tim Exp $ +$Id: CREDITS,v 1.81 2006/08/30 17:24:41 djm Exp $ diff --git a/ChangeLog b/ChangeLog index d9aa6f6d5..0a702d3fb 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,11 @@ +20060831 + - (djm) [CREDITS LICENCE Makefile.in auth.c configure.ac includes.h ] + [platform.c platform.h sshd.c openbsd-compat/Makefile.in] + [openbsd-compat/openbsd-compat.h openbsd-compat/port-solaris.c] + [openbsd-compat/port-solaris.h] Add support for Solaris process + contracts, enabled with --use-solaris-contracts. Patch from Chad + Mynhier, tweaked by dtucker@ and myself; ok dtucker@ + 20060830 - (djm) OpenBSD CVS Sync - dtucker@cvs.openbsd.org 2006/08/21 08:14:01 @@ -5338,4 +5346,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4518 2006/08/30 12:33:09 dtucker Exp $ +$Id: ChangeLog,v 1.4519 2006/08/30 17:24:41 djm Exp $ diff --git a/LICENCE b/LICENCE index 17d94aef5..0c2ff067a 100644 --- a/LICENCE +++ b/LICENCE @@ -288,6 +288,7 @@ OpenSSH contains no GPL code. Internet Software Consortium. Todd C. Miller Reyk Floeter + Chad Mynhier * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above diff --git a/Makefile.in b/Makefile.in index e1f86dbef..525b08eba 100644 --- a/Makefile.in +++ b/Makefile.in @@ -1,4 +1,4 @@ -# $Id: Makefile.in,v 1.280 2006/08/22 12:24:11 dtucker Exp $ +# $Id: Makefile.in,v 1.281 2006/08/30 17:24:41 djm Exp $ # uncomment if you run a non bourne compatable shell. Ie. csh #SHELL = @SH@ @@ -44,6 +44,7 @@ CFLAGS=@CFLAGS@ CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@ LIBS=@LIBS@ LIBSELINUX=@LIBSELINUX@ +SSHDLIBS=@SSHDLIBS@ LIBEDIT=@LIBEDIT@ LIBPAM=@LIBPAM@ LIBWRAP=@LIBWRAP@ @@ -87,7 +88,7 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o \ auth-krb5.o \ auth2-gss.o gss-serv.o gss-serv-krb5.o \ loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o \ - audit.o audit-bsm.o + audit.o audit-bsm.o platform.o MANPAGES = scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-rand-helper.8.out ssh-keysign.8.out sshd_config.5.out ssh_config.5.out MANPAGES_IN = scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-rand-helper.8 ssh-keysign.8 sshd_config.5 ssh_config.5 @@ -137,7 +138,7 @@ ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHOBJS) $(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) sshd$(EXEEXT): libssh.a $(LIBCOMPAT) $(SSHDOBJS) - $(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBWRAP) $(LIBPAM) $(LIBSELINUX) $(LIBS) + $(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBWRAP) $(LIBPAM) $(LIBSELINUX) $(SSHDLIBS) $(LIBS) scp$(EXEEXT): $(LIBCOMPAT) libssh.a scp.o progressmeter.o $(LD) -o $@ scp.o progressmeter.o bufaux.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) diff --git a/configure.ac b/configure.ac index 90cfbea9a..3aba414a2 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.355 2006/08/20 11:43:19 dtucker Exp $ +# $Id: configure.ac,v 1.356 2006/08/30 17:24:41 djm Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.355 $) +AC_REVISION($Revision: 1.356 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -127,6 +127,10 @@ AC_ARG_WITH(rpath, ] ) +# Messages for features tested for in target-specific section +SIA_MSG="no" +SPC_MSG="no" + # Check for some target-specific stuff case "$host" in *-*-aix*) @@ -438,6 +442,17 @@ mips-sony-bsd|mips-sony-newsos4) else AC_MSG_RESULT(no) fi + AC_ARG_WITH(solaris-contracts, + [ --with-solaris-contracts Enable Solaris process contracts (experimental)], + [ + AC_CHECK_LIB(contract, ct_tmpl_activate, + [ AC_DEFINE(USE_SOLARIS_PROCESS_CONTRACTS, 1, + [Define if you have Solaris process contracts]) + SSHDLIBS="$SSHDLIBS -lcontract" + AC_SUBST(SSHDLIBS) + SPC_MSG="yes" ], ) + ], + ) ;; *-*-sunos4*) CPPFLAGS="$CPPFLAGS -DSUNOS4" @@ -586,6 +601,7 @@ mips-sony-bsd|mips-sony-newsos4) system's login() call]) AC_DEFINE(DISABLE_FD_PASSING) LIBS="$LIBS -lsecurity -ldb -lm -laud" + SIA_MSG="yes" else AC_MSG_RESULT(no) AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin", @@ -3905,6 +3921,7 @@ echo " sshd superuser user PATH: $J" fi echo " Manpage format: $MANTYPE" echo " PAM support: $PAM_MSG" +echo " OSF SIA support: $SIA_MSG" echo " KerberosV support: $KRB5_MSG" echo " SELinux support: $SELINUX_MSG" echo " Smartcard support: $SCARD_MSG" @@ -3912,6 +3929,7 @@ echo " S/KEY support: $SKEY_MSG" echo " TCP Wrappers support: $TCPW_MSG" echo " MD5 password support: $MD5_MSG" echo " libedit support: $LIBEDIT_MSG" +echo " Solaris process contract support: $SPC_MSG" echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG" echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG" echo " BSD Auth support: $BSD_AUTH_MSG" diff --git a/includes.h b/includes.h index 8e600567d..03665a3d3 100644 --- a/includes.h +++ b/includes.h @@ -160,6 +160,7 @@ #include "defines.h" +#include "platform.h" #include "openbsd-compat/openbsd-compat.h" #include "openbsd-compat/bsd-nextstep.h" diff --git a/openbsd-compat/Makefile.in b/openbsd-compat/Makefile.in index 67e521bfe..9f06605d7 100644 --- a/openbsd-compat/Makefile.in +++ b/openbsd-compat/Makefile.in @@ -1,4 +1,4 @@ -# $Id: Makefile.in,v 1.39 2006/04/22 11:26:08 djm Exp $ +# $Id: Makefile.in,v 1.40 2006/08/30 17:24:41 djm Exp $ sysconfdir=@sysconfdir@ piddir=@piddir@ @@ -20,7 +20,7 @@ OPENBSD=base64.o basename.o bindresvport.o daemon.o dirname.o getcwd.o getgroupl COMPAT=bsd-arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-snprintf.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o -PORTS=port-irix.o port-linux.o port-aix.o port-uw.o port-tun.o +PORTS=port-aix.o port-irix.o port-linux.o port-solaris.o port-tun.o port-uw.o .c.o: $(CC) $(CFLAGS) $(CPPFLAGS) -c $< diff --git a/openbsd-compat/openbsd-compat.h b/openbsd-compat/openbsd-compat.h index 18249d81e..278ac71d9 100644 --- a/openbsd-compat/openbsd-compat.h +++ b/openbsd-compat/openbsd-compat.h @@ -1,4 +1,4 @@ -/* $Id: openbsd-compat.h,v 1.40 2006/07/12 13:10:34 dtucker Exp $ */ +/* $Id: openbsd-compat.h,v 1.41 2006/08/30 17:24:42 djm Exp $ */ /* * Copyright (c) 1999-2003 Damien Miller. All rights reserved. @@ -190,10 +190,12 @@ char *shadow_pw(struct passwd *pw); /* Routines for a single OS platform */ #include "bsd-cray.h" #include "bsd-cygwin_util.h" + +#include "port-aix.h" #include "port-irix.h" #include "port-linux.h" -#include "port-aix.h" -#include "port-uw.h" +#include "port-solaris.h" #include "port-tun.h" +#include "port-uw.h" #endif /* _OPENBSD_COMPAT_H */ diff --git a/openbsd-compat/port-solaris.c b/openbsd-compat/port-solaris.c new file mode 100644 index 000000000..f31f0c6ea --- /dev/null +++ b/openbsd-compat/port-solaris.c @@ -0,0 +1,189 @@ +/* $Id: port-solaris.c,v 1.1 2006/08/30 17:24:42 djm Exp $ */ + +/* + * Copyright (c) 2006 Chad Mynhier. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include "config.h" +#include "includes.h" + +#ifdef USE_SOLARIS_PROCESS_CONTRACTS + +#include +#include +#include + +#include +#ifdef HAVE_FCNTL_H +# include +#endif +#include +#include + +#include +#include +#include + +#include "log.h" + +#define CT_TEMPLATE CTFS_ROOT "/process/template" +#define CT_LATEST CTFS_ROOT "/process/latest" + +static int tmpl_fd = -1; + +/* Lookup the latest process contract */ +static ctid_t +get_active_process_contract_id(void) +{ + int stat_fd; + ctid_t ctid = -1; + ct_stathdl_t stathdl; + + if ((stat_fd = open64(CT_LATEST, O_RDONLY)) == -1) { + error("%s: Error opening 'latest' process " + "contract: %s", __func__, strerror(errno)); + return -1; + } + if (ct_status_read(stat_fd, CTD_COMMON, &stathdl) != 0) { + error("%s: Error reading process contract " + "status: %s", __func__, strerror(errno)); + goto out; + } + if ((ctid = ct_status_get_id(stathdl)) < 0) { + error("%s: Error getting process contract id: %s", + __func__, strerror(errno)); + goto out; + } + + ct_status_free(stathdl); + out: + close(stat_fd); + return ctid; +} + +void +solaris_contract_pre_fork(void) +{ + if ((tmpl_fd = open64(CT_TEMPLATE, O_RDWR)) == -1) { + error("%s: open %s: %s", __func__, + CT_TEMPLATE, strerror(errno)); + return; + } + + debug2("%s: setting up process contract template on fd %d", + __func__, tmpl_fd); + + /* We have to set certain attributes before activating the template */ + if (ct_pr_tmpl_set_fatal(tmpl_fd, + CT_PR_EV_HWERR|CT_PR_EV_SIGNAL|CT_PR_EV_CORE) != 0) { + error("%s: Error setting process contract template " + "fatal events: %s", __func__, strerror(errno)); + goto fail; + } + if (ct_tmpl_set_critical(tmpl_fd, CT_PR_EV_HWERR) != 0) { + error("%s: Error setting process contract template " + "critical events: %s", __func__, strerror(errno)); + goto fail; + } + + /* Now make this the active template for this process. */ + if (ct_tmpl_activate(tmpl_fd) != 0) { + error("%s: Error activating process contract " + "template: %s", __func__, strerror(errno)); + goto fail; + } + return; + + fail: + if (tmpl_fd != -1) { + close(tmpl_fd); + tmpl_fd = -1; + } +} + +void +solaris_contract_post_fork_child() +{ + debug2("%s: clearing process contract template on fd %d", + __func__, tmpl_fd); + + /* Clear the active template. */ + if (ct_tmpl_clear(tmpl_fd) != 0) + error("%s: Error clearing active process contract " + "template: %s", __func__, strerror(errno)); + + close(tmpl_fd); + tmpl_fd = -1; +} + +void +solaris_contract_post_fork_parent(pid_t pid) +{ + ctid_t ctid; + char ctl_path[256]; + int r, ctl_fd = -1, stat_fd = -1; + + debug2("%s: clearing template (fd %d)", __func__, tmpl_fd); + + if (tmpl_fd == -1) + return; + + /* First clear the active template. */ + if ((r = ct_tmpl_clear(tmpl_fd)) != 0) + error("%s: Error clearing active process contract " + "template: %s", __func__, strerror(errno)); + + close(tmpl_fd); + tmpl_fd = -1; + + /* + * If either the fork didn't succeed (pid < 0), or clearing + * th active contract failed (r != 0), then we have nothing + * more do. + */ + if (r != 0 || pid <= 0) + return; + + /* Now lookup and abandon the contract we've created. */ + ctid = get_active_process_contract_id(); + + debug2("%s: abandoning contract id %ld", __func__, ctid); + + snprintf(ctl_path, sizeof(ctl_path), + CTFS_ROOT "/process/%ld/ctl", ctid); + if ((ctl_fd = open64(ctl_path, O_WRONLY)) < 0) { + error("%s: Error opening process contract " + "ctl file: %s", __func__, strerror(errno)); + goto fail; + } + if (ct_ctl_abandon(ctl_fd) < 0) { + error("%s: Error abandoning process contract: %s", + __func__, strerror(errno)); + goto fail; + } + close(ctl_fd); + return; + + fail: + if (tmpl_fd != -1) { + close(tmpl_fd); + tmpl_fd = -1; + } + if (stat_fd != -1) + close(stat_fd); + if (ctl_fd != -1) + close(ctl_fd); +} +#endif diff --git a/openbsd-compat/port-solaris.h b/openbsd-compat/port-solaris.h new file mode 100644 index 000000000..4c324871e --- /dev/null +++ b/openbsd-compat/port-solaris.h @@ -0,0 +1,27 @@ +/* $Id: port-solaris.h,v 1.1 2006/08/30 17:24:42 djm Exp $ */ + +/* + * Copyright (c) 2006 Chad Mynhier. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#ifndef _PORT_SOLARIS_H + +#include + +void solaris_contract_pre_fork(void); +void solaris_contract_post_fork_child(void); +void solaris_contract_post_fork_parent(pid_t pid); + +#endif diff --git a/platform.c b/platform.c new file mode 100644 index 000000000..aee4b01e7 --- /dev/null +++ b/platform.c @@ -0,0 +1,46 @@ +/* $Id: platform.c,v 1.1 2006/08/30 17:24:41 djm Exp $ */ + +/* + * Copyright (c) 2006 Darren Tucker. All rights reserved. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include "config.h" +#include "platform.h" + +#include "openbsd-compat/openbsd-compat.h" + +void +platform_pre_fork(void) +{ +#ifdef USE_SOLARIS_PROCESS_CONTRACTS + solaris_contract_pre_fork(); +#endif +} + +void +platform_post_fork_parent(pid_t child_pid) +{ +#ifdef USE_SOLARIS_PROCESS_CONTRACTS + solaris_contract_post_fork_parent(child_pid); +#endif +} + +void +platform_post_fork_child(void) +{ +#ifdef USE_SOLARIS_PROCESS_CONTRACTS + solaris_contract_post_fork_child(); +#endif +} diff --git a/platform.h b/platform.h new file mode 100644 index 000000000..cf93bc57c --- /dev/null +++ b/platform.h @@ -0,0 +1,23 @@ +/* $Id: platform.h,v 1.1 2006/08/30 17:24:41 djm Exp $ */ + +/* + * Copyright (c) 2006 Darren Tucker. All rights reserved. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include + +void platform_pre_fork(void); +void platform_post_fork_parent(pid_t child_pid); +void platform_post_fork_child(void); diff --git a/sshd.c b/sshd.c index dcc626589..ee588ff8a 100644 --- a/sshd.c +++ b/sshd.c @@ -1154,6 +1154,7 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s) * the child process the connection. The * parent continues listening. */ + platform_pre_fork(); if ((pid = fork()) == 0) { /* * Child. Close the listening and @@ -1163,6 +1164,7 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s) * We break out of the loop to handle * the connection. */ + platform_post_fork_child(); startup_pipe = startup_p[1]; close_startup_pipes(); close_listen_socks(); @@ -1178,6 +1180,7 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s) } /* Parent. Stay in the loop. */ + platform_post_fork_parent(pid); if (pid < 0) error("fork: %.100s", strerror(errno)); else -- cgit v1.2.3 From 096faecdea1e39ecace0b20f4e208bd7ec33f6d2 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 1 Sep 2006 20:29:10 +1000 Subject: - (dtucker) [configure.ac includes.h openbsd-compat/glob.{c,h}] Explicitly test for GLOB_NOMATCH and use our glob functions if it's not found. Stops sftp from segfaulting when attempting to get a nonexistent file on Cygwin (previous versions of OpenSSH didn't use the native glob). Partly from and tested by Corinna Vinschen. --- ChangeLog | 7 ++++++- configure.ac | 6 ++++-- includes.h | 3 ++- openbsd-compat/glob.c | 3 ++- openbsd-compat/glob.h | 3 ++- 5 files changed, 16 insertions(+), 6 deletions(-) (limited to 'configure.ac') diff --git a/ChangeLog b/ChangeLog index f10393f3c..0cbd4b627 100644 --- a/ChangeLog +++ b/ChangeLog @@ -19,6 +19,11 @@ sys/socket.h and unistd.h in various places - (dtucker) [openbsd-compat/bsd-cygwin_util.c] Fix implict declaration warnings for binary_open and binary_close. Patch from Corinna Vinschen. + - (dtucker) [configure.ac includes.h openbsd-compat/glob.{c,h}] Explicitly + test for GLOB_NOMATCH and use our glob functions if it's not found. + Stops sftp from segfaulting when attempting to get a nonexistent file on + Cygwin (previous versions of OpenSSH didn't use the native glob). Partly + from and tested by Corinna Vinschen. 20060831 - (djm) [CREDITS LICENCE Makefile.in auth.c configure.ac includes.h ] @@ -5370,4 +5375,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4523 2006/09/01 09:29:01 dtucker Exp $ +$Id: ChangeLog,v 1.4524 2006/09/01 10:29:10 dtucker Exp $ diff --git a/configure.ac b/configure.ac index 3aba414a2..c37d7f499 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.356 2006/08/30 17:24:41 djm Exp $ +# $Id: configure.ac,v 1.357 2006/09/01 10:29:11 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.356 $) +AC_REVISION($Revision: 1.357 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -982,6 +982,8 @@ AC_TRY_COMPILE( ] ) +AC_CHECK_DECLS(GLOB_NOMATCH, , , [#include ]) + AC_MSG_CHECKING([whether struct dirent allocates space for d_name]) AC_RUN_IFELSE( [AC_LANG_SOURCE([[ diff --git a/includes.h b/includes.h index 2101f13c9..967fcc26c 100644 --- a/includes.h +++ b/includes.h @@ -30,7 +30,8 @@ # include #endif #if defined(HAVE_GLOB_H) && defined(GLOB_HAS_ALTDIRFUNC) && \ - defined(GLOB_HAS_GL_MATCHC) + defined(GLOB_HAS_GL_MATCHC) && \ + defined(HAVE_DECL_GLOB_NOMATCH) && HAVE_DECL_GLOB_NOMATCH != 0 # include #endif #ifdef HAVE_ENDIAN_H diff --git a/openbsd-compat/glob.c b/openbsd-compat/glob.c index ec16b1108..b3dd2b171 100644 --- a/openbsd-compat/glob.c +++ b/openbsd-compat/glob.c @@ -47,7 +47,8 @@ #include #if !defined(HAVE_GLOB) || !defined(GLOB_HAS_ALTDIRFUNC) || \ - !defined(GLOB_HAS_GL_MATCHC) + !defined(GLOB_HAS_GL_MATCHC) || \ + !defined(HAVE_DECL_GLOB_NOMATCH) || HAVE_DECL_GLOB_NOMATCH == 0 static long get_arg_max(void) diff --git a/openbsd-compat/glob.h b/openbsd-compat/glob.h index 4fdbfc1ea..9ba07f76e 100644 --- a/openbsd-compat/glob.h +++ b/openbsd-compat/glob.h @@ -38,7 +38,8 @@ /* OPENBSD ORIGINAL: include/glob.h */ #if !defined(HAVE_GLOB_H) || !defined(GLOB_HAS_ALTDIRFUNC) || \ - !defined(GLOB_HAS_GL_MATCHC) + !defined(GLOB_HAS_GL_MATCHC) || \ + !defined(HAVE_DECL_GLOB_NOMATCH) || HAVE_DECL_GLOB_NOMATCH == 0 #ifndef _GLOB_H_ #define _GLOB_H_ -- cgit v1.2.3 From ed0b59218ef9bb41a25922885d3fae7e67b8ba04 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sun, 3 Sep 2006 22:44:49 +1000 Subject: - (dtucker) [configure.ac openbsd-compat/openbsd-compat.h] Check for declaration of writev(2) and declare it ourselves if necessary. Makes the atomiciov() calls build on really old systems. ok djm@ --- ChangeLog | 7 ++++++- configure.ac | 10 ++++++++-- openbsd-compat/openbsd-compat.h | 7 ++++++- 3 files changed, 20 insertions(+), 4 deletions(-) (limited to 'configure.ac') diff --git a/ChangeLog b/ChangeLog index 56b4af7c4..7cdcbf091 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ +20060903 + - (dtucker) [configure.ac openbsd-compat/openbsd-compat.h] Check for + declaration of writev(2) and declare it ourselves if necessary. Makes + the atomiciov() calls build on really old systems. ok djm@ + 20060902 - (dtucker) [openbsd-compat/port-irix.c] Add errno.h, found by Iain Morgan. - (dtucker) [ssh-keyscan.c ssh-rand-helper.c ssh.c sshconnect.c @@ -5385,4 +5390,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4527 2006/09/02 05:32:40 dtucker Exp $ +$Id: ChangeLog,v 1.4528 2006/09/03 12:44:49 dtucker Exp $ diff --git a/configure.ac b/configure.ac index c37d7f499..cdabbd8a1 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.357 2006/09/01 10:29:11 dtucker Exp $ +# $Id: configure.ac,v 1.358 2006/09/03 12:44:49 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.357 $) +AC_REVISION($Revision: 1.358 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -1328,6 +1328,12 @@ AC_CHECK_DECLS(O_NONBLOCK, , , #endif ]) +AC_CHECK_DECLS(writev, , , [ +#include +#include +#include + ]) + AC_CHECK_FUNCS(setresuid, [ dnl Some platorms have setresuid that isn't implemented, test for this AC_MSG_CHECKING(if setresuid seems to work) diff --git a/openbsd-compat/openbsd-compat.h b/openbsd-compat/openbsd-compat.h index 278ac71d9..aac2e6cbc 100644 --- a/openbsd-compat/openbsd-compat.h +++ b/openbsd-compat/openbsd-compat.h @@ -1,4 +1,4 @@ -/* $Id: openbsd-compat.h,v 1.41 2006/08/30 17:24:42 djm Exp $ */ +/* $Id: openbsd-compat.h,v 1.42 2006/09/03 12:44:50 dtucker Exp $ */ /* * Copyright (c) 1999-2003 Damien Miller. All rights reserved. @@ -131,6 +131,11 @@ int getgrouplist(const char *, gid_t, gid_t *, int *); int BSDgetopt(int argc, char * const *argv, const char *opts); #endif +#if defined(HAVE_DECL_WRITEV) && HAVE_DECL_WRITEV == 0 +# include +# include +int writev(int, struct iovec *, int); +#endif /* Home grown routines */ #include "bsd-misc.h" -- cgit v1.2.3 From 3e0891093a990b1d5111d5190f69c13277daedc7 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 4 Sep 2006 22:37:41 +1000 Subject: - (dtucker) [configure.ac] Define BROKEN_UPDWTMP on SCO OSR6 as the native updwdtmp seems to generate invalid wtmp entries. From Roger Cornelius, ok djm@ --- ChangeLog | 7 ++++++- configure.ac | 6 ++++-- 2 files changed, 10 insertions(+), 3 deletions(-) (limited to 'configure.ac') diff --git a/ChangeLog b/ChangeLog index 7cdcbf091..922b2c649 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ +20060904 + - (dtucker) [configure.ac] Define BROKEN_UPDWTMP on SCO OSR6 as the native + updwdtmp seems to generate invalid wtmp entries. From Roger Cornelius, + ok djm@ + 20060903 - (dtucker) [configure.ac openbsd-compat/openbsd-compat.h] Check for declaration of writev(2) and declare it ourselves if necessary. Makes @@ -5390,4 +5395,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4528 2006/09/03 12:44:49 dtucker Exp $ +$Id: ChangeLog,v 1.4529 2006/09/04 12:37:41 dtucker Exp $ diff --git a/configure.ac b/configure.ac index cdabbd8a1..32ecd0da8 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.358 2006/09/03 12:44:49 dtucker Exp $ +# $Id: configure.ac,v 1.359 2006/09/04 12:37:42 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.358 $) +AC_REVISION($Revision: 1.359 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -512,6 +512,8 @@ mips-sony-bsd|mips-sony-newsos4) TEST_SHELL=/u95/bin/sh AC_DEFINE(BROKEN_LIBIAF, 1, [ia_uinfo routines not supported by OS yet]) + AC_DEFINES(BROKEN_UPDWTMP, 1, + [using updwtmp will corrupt wtmp entries]) ;; *) AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*") ;; -- cgit v1.2.3 From e1fe09968d12e79f34d9e48475f2bfd2c0556b83 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Tue, 5 Sep 2006 07:53:38 +1000 Subject: - (dtucker) [configure.ac] s/AC_DEFINES/AC_DEFINE/ spotted by Roumen Petrov. --- ChangeLog | 5 ++++- configure.ac | 6 +++--- 2 files changed, 7 insertions(+), 4 deletions(-) (limited to 'configure.ac') diff --git a/ChangeLog b/ChangeLog index 922b2c649..8013660fd 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,6 @@ +20060905 + - (dtucker) [configure.ac] s/AC_DEFINES/AC_DEFINE/ spotted by Roumen Petrov. + 20060904 - (dtucker) [configure.ac] Define BROKEN_UPDWTMP on SCO OSR6 as the native updwdtmp seems to generate invalid wtmp entries. From Roger Cornelius, @@ -5395,4 +5398,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4529 2006/09/04 12:37:41 dtucker Exp $ +$Id: ChangeLog,v 1.4530 2006/09/04 21:53:38 dtucker Exp $ diff --git a/configure.ac b/configure.ac index 32ecd0da8..ce51b4cd5 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.359 2006/09/04 12:37:42 dtucker Exp $ +# $Id: configure.ac,v 1.360 2006/09/04 21:53:38 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.359 $) +AC_REVISION($Revision: 1.360 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -512,7 +512,7 @@ mips-sony-bsd|mips-sony-newsos4) TEST_SHELL=/u95/bin/sh AC_DEFINE(BROKEN_LIBIAF, 1, [ia_uinfo routines not supported by OS yet]) - AC_DEFINES(BROKEN_UPDWTMP, 1, + AC_DEFINE(BROKEN_UPDWTMP, 1, [using updwtmp will corrupt wtmp entries]) ;; *) AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*") -- cgit v1.2.3 From b8f00193d84781a46939ffaa94dccbe9986984eb Mon Sep 17 00:00:00 2001 From: Tim Rice Date: Wed, 6 Sep 2006 18:11:29 -0700 Subject: - (tim) [configure.ac] s/BROKEN_UPDWTMP/BROKEN_UPDWTMPX/ on SCO OSR6 --- ChangeLog | 3 ++- configure.ac | 7 +++---- 2 files changed, 5 insertions(+), 5 deletions(-) (limited to 'configure.ac') diff --git a/ChangeLog b/ChangeLog index b4340de78..bbbd985d1 100644 --- a/ChangeLog +++ b/ChangeLog @@ -4,6 +4,7 @@ Magnus Abrante; suggestion and feedback dtucker@ NB. this change will require that the privilege separation user must exist on all the time, not just when UsePrivilegeSeparation=yes + - (tim) [configure.ac] s/BROKEN_UPDWTMP/BROKEN_UPDWTMPX/ on SCO OSR6 20060905 - (dtucker) [configure.ac] s/AC_DEFINES/AC_DEFINE/ spotted by Roumen Petrov. @@ -5406,4 +5407,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4532 2006/09/07 00:36:43 djm Exp $ +$Id: ChangeLog,v 1.4533 2006/09/07 01:11:29 tim Exp $ diff --git a/configure.ac b/configure.ac index ce51b4cd5..493409f4d 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.360 2006/09/04 21:53:38 dtucker Exp $ +# $Id: configure.ac,v 1.361 2006/09/07 01:11:29 tim Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.360 $) +AC_REVISION($Revision: 1.361 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -512,8 +512,7 @@ mips-sony-bsd|mips-sony-newsos4) TEST_SHELL=/u95/bin/sh AC_DEFINE(BROKEN_LIBIAF, 1, [ia_uinfo routines not supported by OS yet]) - AC_DEFINE(BROKEN_UPDWTMP, 1, - [using updwtmp will corrupt wtmp entries]) + AC_DEFINE(BROKEN_UPDWTMPX) ;; *) AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*") ;; -- cgit v1.2.3 From 6d0d6fbfdfe7afd7fa0bb8541b743f9194cdd437 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sat, 9 Sep 2006 01:05:21 +1000 Subject: - (dtucker) [configure.ac] The BSM header test needs time.h in some cases. --- ChangeLog | 3 ++- configure.ac | 12 +++++++++--- 2 files changed, 11 insertions(+), 4 deletions(-) (limited to 'configure.ac') diff --git a/ChangeLog b/ChangeLog index aaf8563c3..818cb9774 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,7 @@ 20060908 - (dtucker) [auth-sia.c] Add includes required for build on Tru64. Patch from Chris Adams. + - (dtucker) [configure.ac] The BSM header test needs time.h in some cases. 20060907 - (djm) [sshd.c auth.c] Set up fakepw() with privsep uid/gid, so it can @@ -5414,4 +5415,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4536 2006/09/07 23:54:41 dtucker Exp $ +$Id: ChangeLog,v 1.4537 2006/09/08 15:05:21 dtucker Exp $ diff --git a/configure.ac b/configure.ac index 493409f4d..4a3c39fcb 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.361 2006/09/07 01:11:29 tim Exp $ +# $Id: configure.ac,v 1.362 2006/09/08 15:05:21 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.361 $) +AC_REVISION($Revision: 1.362 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -1166,7 +1166,13 @@ AC_ARG_WITH(audit, AUDIT_MODULE=bsm dnl Checks for headers, libs and functions AC_CHECK_HEADERS(bsm/audit.h, [], - [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)]) + [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)], + [ +#ifdef HAVE_TIME_H +# include +#endif + ] +) AC_CHECK_LIB(bsm, getaudit, [], [AC_MSG_ERROR(BSM enabled and required library not found)]) AC_CHECK_FUNCS(getaudit, [], -- cgit v1.2.3 From 57b2920ad896b4c1b7a6f5ba0171bdb311e8cc36 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sun, 10 Sep 2006 20:25:51 +1000 Subject: - (dtucker) [configure.ac] Add -lcrypt to let DragonFly build OOTB. --- ChangeLog | 3 ++- configure.ac | 7 +++++-- 2 files changed, 7 insertions(+), 3 deletions(-) (limited to 'configure.ac') diff --git a/ChangeLog b/ChangeLog index b746504c5..226373ac1 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,6 @@ 20060910 - (dtucker) [contrib/aix/buildbff.sh] Ensure that perl is available. + - (dtucker) [configure.ac] Add -lcrypt to let DragonFly build OOTB. 20060909 - (dtucker) [openbsd-compat/bsd-snprintf.c] Add stdarg.h. @@ -5423,4 +5424,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4541 2006/09/10 03:24:18 dtucker Exp $ +$Id: ChangeLog,v 1.4542 2006/09/10 10:25:51 dtucker Exp $ diff --git a/configure.ac b/configure.ac index 4a3c39fcb..80b0360c0 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.362 2006/09/08 15:05:21 dtucker Exp $ +# $Id: configure.ac,v 1.363 2006/09/10 10:25:51 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.362 $) +AC_REVISION($Revision: 1.363 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -253,6 +253,9 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) AC_DEFINE(SSH_TUN_PREPEND_AF, 1, [Prepend the address family to IP tunnel traffic]) ;; +*-*-dragonfly*) + SSHDLIBS="$SSHDLIBS -lcrypt" + ;; *-*-hpux*) # first we define all of the options common to all HP-UX releases CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1" -- cgit v1.2.3 From 223897a01af2f496577cbf8f7fa5c5209109ef8e Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 12 Sep 2006 21:54:10 +1000 Subject: - (djm) [Makefile.in buildpkg.sh.in configure.ac openssh.xml.in] Support SMF in Solaris Packages if enabled by configure. Patch from Chad Mynhier, tested by dtucker@ --- ChangeLog | 7 ++- Makefile.in | 4 +- buildpkg.sh.in | 174 ++++++++++++++++++++++++++++++++++++++++++++++++--------- configure.ac | 9 +-- openssh.xml.in | 87 +++++++++++++++++++++++++++++ 5 files changed, 247 insertions(+), 34 deletions(-) create mode 100644 openssh.xml.in (limited to 'configure.ac') diff --git a/ChangeLog b/ChangeLog index 128c91491..c61fd9343 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ +20060912 + - (djm) [Makefile.in buildpkg.sh.in configure.ac openssh.xml.in] + Support SMF in Solaris Packages if enabled by configure. Patch from + Chad Mynhier, tested by dtucker@ + 20060911 - (dtucker) [cipher-aes.c] Include string.h for memcpy and friends. Noted by Pekka Savola. @@ -5428,4 +5433,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4543 2006/09/11 10:46:13 dtucker Exp $ +$Id: ChangeLog,v 1.4544 2006/09/12 11:54:10 djm Exp $ diff --git a/Makefile.in b/Makefile.in index 525b08eba..71f3623f1 100644 --- a/Makefile.in +++ b/Makefile.in @@ -1,4 +1,4 @@ -# $Id: Makefile.in,v 1.281 2006/08/30 17:24:41 djm Exp $ +# $Id: Makefile.in,v 1.282 2006/09/12 11:54:10 djm Exp $ # uncomment if you run a non bourne compatable shell. Ie. csh #SHELL = @SH@ @@ -203,7 +203,7 @@ clean: regressclean distclean: regressclean rm -f *.o *.a $(TARGETS) logintest config.cache config.log - rm -f *.out core opensshd.init + rm -f *.out core opensshd.init openssh.xml rm -f Makefile buildpkg.sh config.h config.status ssh_prng_cmds rm -f survey.sh openbsd-compat/regress/Makefile *~ rm -rf autom4te.cache diff --git a/buildpkg.sh.in b/buildpkg.sh.in index a3960cb89..a3b9014bc 100644 --- a/buildpkg.sh.in +++ b/buildpkg.sh.in @@ -46,6 +46,8 @@ PKG_REQUEST_LOCAL=../pkg-request.local # end of sourced files # OPENSSHD=opensshd.init +OPENSSH_MANIFEST=openssh.xml +OPENSSH_FMRI=svc:/site/openssh:default PATH_GROUPADD_PROG=@PATH_GROUPADD_PROG@ PATH_USERADD_PROG=@PATH_USERADD_PROG@ @@ -60,6 +62,10 @@ SYSTEM_DIR="/etc \ /etc/rc1.d \ /etc/rc2.d \ /etc/opt \ +/lib \ +/lib/svc \ +/lib/svc/method \ +/lib/svc/method/site \ /opt \ /opt/bin \ /usr \ @@ -82,6 +88,9 @@ SYSTEM_DIR="/etc \ /var \ /var/opt \ /var/run \ +/var/svc \ +/var/svc/manifest \ +/var/svc/manifest/site \ /var/tmp \ /tmp" @@ -119,6 +128,12 @@ do eval $confvar=`grep "^$confvar=" Makefile | cut -d = -f 2` done +## Are we using Solaris' SMF? +DO_SMF=0 +if egrep "^#define USE_SOLARIS_PROCESS_CONTRACTS" config.h > /dev/null 2>&1 +then + DO_SMF=1 +fi ## Collect value of privsep user for confvar in SSH_PRIVSEP_USER @@ -168,10 +183,25 @@ then fi ## Setup our run level stuff while we are at it. -mkdir -p $FAKE_ROOT${TEST_DIR}/etc/init.d +if [ $DO_SMF -eq 1 ] +then + # For Solaris' SMF, /lib/svc/method/site is the preferred place + # for start/stop scripts that aren't supplied with the OS, and + # similarly /var/svc/manifest/site for manifests. + mkdir -p $FAKE_ROOT${TEST_DIR}/lib/svc/method/site + mkdir -p $FAKE_ROOT${TEST_DIR}/var/svc/manifest/site + + cp ${OPENSSHD} $FAKE_ROOT${TEST_DIR}/lib/svc/method/site/${SYSVINIT_NAME} + chmod 744 $FAKE_ROOT${TEST_DIR}/lib/svc/method/site/${SYSVINIT_NAME} + + cp ${OPENSSH_MANIFEST} $FAKE_ROOT${TEST_DIR}/var/svc/manifest/site + chmod 644 $FAKE_ROOT${TEST_DIR}/var/svc/manifest/site/${OPENSSH_MANIFEST} +else + mkdir -p $FAKE_ROOT${TEST_DIR}/etc/init.d -cp ${OPENSSHD} $FAKE_ROOT${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} -chmod 744 $FAKE_ROOT${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} + cp ${OPENSSHD} $FAKE_ROOT${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} + chmod 744 $FAKE_ROOT${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} +fi [ "${PERMIT_ROOT_LOGIN}" = no ] && \ perl -p -i -e "s/#PermitRootLogin yes/PermitRootLogin no/" \ @@ -221,15 +251,22 @@ touch depend ## Build space file echo "Building space file..." -cat > space << _EOF -# extra space required by start/stop links added by installf in postinstall +if [ $DO_SMF -eq 1 ] +then + # XXX Is this necessary? If not, remove space line from mk-proto.awk. + touch space +else + cat > space << _EOF +# extra space required by start/stop links added by installf +# in postinstall $TEST_DIR/etc/rc0.d/${SYSVINITSTOPT}${SYSVINIT_NAME} 0 1 $TEST_DIR/etc/rc2.d/${SYSVINITSTART}${SYSVINIT_NAME} 0 1 _EOF -[ "$RC1_D" = no ] || \ -echo "$TEST_DIR/etc/rc1.d/${SYSVINITSTOPT}${SYSVINIT_NAME} 0 1" >> space -[ "$RCS_D" = yes ] && \ -echo "$TEST_DIR/etc/rcS.d/${SYSVINITSTOPT}${SYSVINIT_NAME} 0 1" >> space + [ "$RC1_D" = no ] || \ + echo "$TEST_DIR/etc/rc1.d/${SYSVINITSTOPT}${SYSVINIT_NAME} 0 1" >> space + [ "$RCS_D" = yes ] && \ + echo "$TEST_DIR/etc/rcS.d/${SYSVINITSTOPT}${SYSVINIT_NAME} 0 1" >> space +fi ## Build preinstall file echo "Building preinstall file..." @@ -243,7 +280,16 @@ _EOF cat >> preinstall << _EOF # -[ "\${PRE_INS_STOP}" = "yes" ] && ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} stop +if [ "\${PRE_INS_STOP}" = "yes" ] +then + if [ $DO_SMF -eq 1 ] + then + svcadm disable $OPENSSH_FMRI + else + ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} stop + fi +fi + exit 0 _EOF @@ -265,28 +311,41 @@ cat > postinstall << _EOF } # make rc?.d dirs only if we are doing a test install -[ -n "${TEST_DIR}" ] && { +[ -n "${TEST_DIR}" ] && [ $DO_SMF -ne 1 ] && { [ "$RCS_D" = yes ] && mkdir -p ${TEST_DIR}/etc/rcS.d mkdir -p ${TEST_DIR}/etc/rc0.d [ "$RC1_D" = no ] || mkdir -p ${TEST_DIR}/etc/rc1.d mkdir -p ${TEST_DIR}/etc/rc2.d } -if [ "\${USE_SYM_LINKS}" = yes ] +if [ $DO_SMF -eq 1 ] then - [ "$RCS_D" = yes ] && \ -installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rcS.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s - installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc0.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s - [ "$RC1_D" = no ] || \ - installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc1.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s - installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc2.d/${SYSVINITSTART}${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s + # Delete the existing service, if it exists, then import the + # new one. + if svcs $OPENSSH_FMRI > /dev/null 2>&1 + then + svccfg delete -f $OPENSSH_FMRI + fi + # NOTE, if manifest enables sshd by default, this will actually + # start the daemon, which may not be what the user wants. + svccfg import ${TEST_DIR}/var/svc/manifest/site/$OPENSSH_MANIFEST else - [ "$RCS_D" = yes ] && \ -installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rcS.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=\${PKG_INSTALL_ROOT}$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l - installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc0.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=\${PKG_INSTALL_ROOT}$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l - [ "$RC1_D" = no ] || \ - installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc1.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=\${PKG_INSTALL_ROOT}$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l - installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc2.d/${SYSVINITSTART}${SYSVINIT_NAME}=\${PKG_INSTALL_ROOT}$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l + if [ "\${USE_SYM_LINKS}" = yes ] + then + [ "$RCS_D" = yes ] && \ + installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rcS.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s + installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc0.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s + [ "$RC1_D" = no ] || \ + installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc1.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s + installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc2.d/${SYSVINITSTART}${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s + else + [ "$RCS_D" = yes ] && \ + installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rcS.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=\${PKG_INSTALL_ROOT}$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l + installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc0.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=\${PKG_INSTALL_ROOT}$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l + [ "$RC1_D" = no ] || \ + installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc1.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=\${PKG_INSTALL_ROOT}$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l + installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc2.d/${SYSVINITSTART}${SYSVINIT_NAME}=\${PKG_INSTALL_ROOT}$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l + fi fi # If piddir doesn't exist we add it. (Ie. --with-pid-dir=/var/opt/ssh) @@ -357,7 +416,17 @@ fi \$chroot ${PATH_PASSWD_PROG} -l $SSH_PRIVSEP_USER } -[ "\${POST_INS_START}" = "yes" ] && ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} start +if [ "\${POST_INS_START}" = "yes" ] +then + if [ $DO_SMF -eq 1 ] + then + # See svccfg import note above. The service may already + # be started. + svcadm enable $OPENSSH_FMRI + else + ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} start + fi +fi exit 0 _EOF @@ -366,7 +435,12 @@ echo "Building preremove file..." cat > preremove << _EOF #! ${SCRIPT_SHELL} # -${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} stop +if [ $DO_SMF -eq 1 ] +then + svcadm disable $OPENSSH_FMRI +else + ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} stop +fi _EOF # local preremove changes here @@ -381,6 +455,13 @@ echo "Building postremove file..." cat > postremove << _EOF #! ${SCRIPT_SHELL} # +if [ $DO_SMF -eq 1 ] +then + if svcs $OPENSSH_FMRI > /dev/null 2>&1 + then + svccfg delete -f $OPENSSH_FMRI + fi +fi _EOF # local postremove changes here @@ -446,7 +527,45 @@ done _EOF -cat >> request << _EOF +if [ $DO_SMF -eq 1 ] +then + # This could get hairy, as the running sshd may not be under SMF. + # We'll assume an earlier version of OpenSSH started via SMF. + cat >> request << _EOF +PRE_INS_STOP=no +POST_INS_START=no +# determine if should restart the daemon +if [ -s ${piddir}/sshd.pid ] && \ + /usr/bin/svcs $OPENSSH_FMRI 2>&1 | egrep "^online" > /dev/null 2>&1 +then + ans=\`ckyorn -d n \ +-p "Should the running sshd daemon be restarted? ${DEF_MSG}"\` || exit \$? + case \$ans in + [y,Y]*) PRE_INS_STOP=yes + POST_INS_START=yes + ;; + esac + +else + +# determine if we should start sshd + ans=\`ckyorn -d n \ +-p "Start the sshd daemon after installing this package? ${DEF_MSG}"\` || exit \$? + case \$ans in + [y,Y]*) POST_INS_START=yes ;; + esac +fi + +# make parameters available to installation service, +# and so to any other packaging scripts +cat >\$1 <> request << _EOF USE_SYM_LINKS=no PRE_INS_STOP=no POST_INS_START=no @@ -487,6 +606,7 @@ POST_INS_START='\$POST_INS_START' ! _EOF +fi # local request changes here [ -s "${PKG_REQUEST_LOCAL}" ] && . ${PKG_REQUEST_LOCAL} diff --git a/configure.ac b/configure.ac index 80b0360c0..cfc5d594a 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.363 2006/09/10 10:25:51 dtucker Exp $ +# $Id: configure.ac,v 1.364 2006/09/12 11:54:11 djm Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.363 $) +AC_REVISION($Revision: 1.364 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -3897,8 +3897,9 @@ dnl Add now. CFLAGS="$CFLAGS $werror_flags" AC_EXEEXT -AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openbsd-compat/Makefile \ - openbsd-compat/regress/Makefile scard/Makefile ssh_prng_cmds survey.sh]) +AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \ + openbsd-compat/Makefile openbsd-compat/regress/Makefile \ + scard/Makefile ssh_prng_cmds survey.sh]) AC_OUTPUT # Print summary of options diff --git a/openssh.xml.in b/openssh.xml.in new file mode 100644 index 000000000..655ee5c9e --- /dev/null +++ b/openssh.xml.in @@ -0,0 +1,87 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + -- cgit v1.2.3 From 9216c37d60fdb8b9e247541991248e0ca86cac07 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 18 Sep 2006 23:17:40 +1000 Subject: - (dtucker) [configure.ac] On AIX, check to see if the compiler will allow macro redefinitions, and if not, remove "-qlanglvl=ansi" from the flags. Allows build out of the box with older VAC and XLC compilers. Found by David Bronder and Bernhard Simon. --- ChangeLog | 8 +++++++- configure.ac | 25 +++++++++++++++++++++++-- 2 files changed, 30 insertions(+), 3 deletions(-) (limited to 'configure.ac') diff --git a/ChangeLog b/ChangeLog index a16e83478..f3d8d49ff 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +20060918 + - (dtucker) [configure.ac] On AIX, check to see if the compiler will allow + macro redefinitions, and if not, remove "-qlanglvl=ansi" from the flags. + Allows build out of the box with older VAC and XLC compilers. Found by + David Bronder and Bernhard Simon. + 20060916 - OpenBSD CVS Sync - djm@cvs.openbsd.org 2006/09/16 19:53:37 @@ -5449,4 +5455,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4550 2006/09/17 12:55:52 dtucker Exp $ +$Id: ChangeLog,v 1.4551 2006/09/18 13:17:40 dtucker Exp $ diff --git a/configure.ac b/configure.ac index cfc5d594a..f790f9a51 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.364 2006/09/12 11:54:11 djm Exp $ +# $Id: configure.ac,v 1.365 2006/09/18 13:17:41 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.364 $) +AC_REVISION($Revision: 1.365 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -134,6 +134,27 @@ SPC_MSG="no" # Check for some target-specific stuff case "$host" in *-*-aix*) + # Some versions of VAC won't allow macro redefinitions at + # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that + # particularly with older versions of vac or xlc. + # It also throws errors about null macro argments, but these are + # not fatal. + AC_MSG_CHECKING(if compiler allows macro redefinitions) + AC_COMPILE_IFELSE( + [AC_LANG_SOURCE([[ +#define testmacro foo +#define testmacro bar +int main(void) { exit(0); } + ]])], + [ AC_MSG_RESULT(yes) ], + [ AC_MSG_RESULT(no) + CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`" + LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`" + CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`" + CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`" + ] + ) + AC_MSG_CHECKING([how to specify blibpath for linker ($LD)]) if (test -z "$blibpath"); then blibpath="/usr/lib:/lib" -- cgit v1.2.3 From 0ee3cbfc519c3be5f842e1ebac1ccc0841ce75d3 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sat, 23 Sep 2006 16:25:19 +1000 Subject: - (dtucker) [configure.ac] Bug #1234: Put opensc libs into $LIBS rather than $LDFLAGS. Patch from vapier at gentoo org. --- ChangeLog | 6 +++++- configure.ac | 6 +++--- 2 files changed, 8 insertions(+), 4 deletions(-) (limited to 'configure.ac') diff --git a/ChangeLog b/ChangeLog index f26dae2fd..78abba7d1 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +20060923 + - (dtucker) [configure.ac] Bug #1234: Put opensc libs into $LIBS rather than + $LDFLAGS. Patch from vapier at gentoo org. + 20060922 - (dtucker) [packet.c canohost.c] Include arpa/inet.h for htonl macros on some platforms (eg HP-UX 11.00). From santhi.amirta at gmail com. @@ -5474,4 +5478,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4556 2006/09/22 09:22:17 dtucker Exp $ +$Id: ChangeLog,v 1.4557 2006/09/23 06:25:19 dtucker Exp $ diff --git a/configure.ac b/configure.ac index f790f9a51..01e84104d 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.365 2006/09/18 13:17:41 dtucker Exp $ +# $Id: configure.ac,v 1.366 2006/09/23 06:25:20 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.365 $) +AC_REVISION($Revision: 1.366 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -3086,7 +3086,7 @@ AC_ARG_WITH(opensc, LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags` LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs` CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS" - LDFLAGS="$LDFLAGS $LIBOPENSC_LIBS" + LIBS="$LIBS $LIBOPENSC_LIBS" AC_DEFINE(SMARTCARD) AC_DEFINE(USE_OPENSC, 1, [Define if you want smartcard support -- cgit v1.2.3 From 983b35b281fa9981acfdf23cd5813897720d1445 Mon Sep 17 00:00:00 2001 From: Tim Rice Date: Sun, 24 Sep 2006 12:08:59 -0700 Subject: 20060924 - (tim) [configure.ac] Remove CFLAGS hack for UnixWare 1.x/2.x (added to rev 1.308) to work around broken gcc 2.x header file. --- ChangeLog | 6 +++++- configure.ac | 5 ++--- 2 files changed, 7 insertions(+), 4 deletions(-) (limited to 'configure.ac') diff --git a/ChangeLog b/ChangeLog index 78abba7d1..4ac8dc4fd 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +20060924 + - (tim) [configure.ac] Remove CFLAGS hack for UnixWare 1.x/2.x (added + to rev 1.308) to work around broken gcc 2.x header file. + 20060923 - (dtucker) [configure.ac] Bug #1234: Put opensc libs into $LIBS rather than $LDFLAGS. Patch from vapier at gentoo org. @@ -5478,4 +5482,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4557 2006/09/23 06:25:19 dtucker Exp $ +$Id: ChangeLog,v 1.4558 2006/09/24 19:08:59 tim Exp $ diff --git a/configure.ac b/configure.ac index 01e84104d..cfcd0272d 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.366 2006/09/23 06:25:20 dtucker Exp $ +# $Id: configure.ac,v 1.367 2006/09/24 19:08:59 tim Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.366 $) +AC_REVISION($Revision: 1.367 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -514,7 +514,6 @@ mips-sony-bsd|mips-sony-newsos4) ;; # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel. *-*-sysv4.2*) - CFLAGS="$CFLAGS -Dva_list=_VA_LIST" AC_DEFINE(USE_PIPES) AC_DEFINE(SETEUID_BREAKS_SETUID) AC_DEFINE(BROKEN_SETREUID) -- cgit v1.2.3 From 5e8381ee8626c0f0052241926abacf031b5187ec Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 29 Sep 2006 20:16:51 +1000 Subject: - (dtucker) [configure.ac] Bug #1239: Fix configure test for OpenSSH engine support. Patch from andrew.benham at thus net. --- ChangeLog | 6 +++++- configure.ac | 6 +++--- 2 files changed, 8 insertions(+), 4 deletions(-) (limited to 'configure.ac') diff --git a/ChangeLog b/ChangeLog index e70288d9b..ecd6c61e2 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +20060929 + - (dtucker) [configure.ac] Bug #1239: Fix configure test for OpenSSH engine + support. Patch from andrew.benham at thus net. + 20060928 - (dtucker) [entropy.c] Bug #1238: include signal.h to fix compilation error on Solaris 8 w/out /dev/random or prngd. Patch from rl at @@ -2502,4 +2506,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4563 2006/09/28 09:40:20 dtucker Exp $ +$Id: ChangeLog,v 1.4564 2006/09/29 10:16:51 dtucker Exp $ diff --git a/configure.ac b/configure.ac index cfcd0272d..883708559 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.367 2006/09/24 19:08:59 tim Exp $ +# $Id: configure.ac,v 1.368 2006/09/29 10:16:51 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.367 $) +AC_REVISION($Revision: 1.368 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -1916,7 +1916,7 @@ AC_ARG_WITH(ssl-engine, AC_TRY_COMPILE( [ #include ], [ -int main(void){ENGINE_load_builtin_engines();ENGINE_register_all_complete();} +ENGINE_load_builtin_engines();ENGINE_register_all_complete(); ], [ AC_MSG_RESULT(yes) AC_DEFINE(USE_OPENSSL_ENGINE, 1, -- cgit v1.2.3 From 1cfab23b7f9e29fa9d66c97334ef9331d033f83d Mon Sep 17 00:00:00 2001 From: Tim Rice Date: Tue, 3 Oct 2006 09:34:35 -0700 Subject: - (tim) [configure.ac] Move CHECK_HEADERS test before platform specific section so additional platform specific CHECK_HEADER tests will work correctly. Fixes " on FreeBSD" problem report by des AT des.no Feedback and "seems like a good idea" dtucker@ --- ChangeLog | 8 +- configure.ac | 264 +++++++++++++++++++++++++++++------------------------------ 2 files changed, 139 insertions(+), 133 deletions(-) (limited to 'configure.ac') diff --git a/ChangeLog b/ChangeLog index d7160af3a..8bfd2b878 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +20061003 + - (tim) [configure.ac] Move CHECK_HEADERS test before platform specific + section so additional platform specific CHECK_HEADER tests will work + correctly. Fixes " on FreeBSD" problem report by des AT des.no + Feedback and "seems like a good idea" dtucker@ + 20061001 - (dtucker) [audit-bsm.c] Include errno.h. Pointed out by des at des.no. @@ -2509,4 +2515,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4565 2006/09/30 22:09:50 dtucker Exp $ +$Id: ChangeLog,v 1.4566 2006/10/03 16:34:35 tim Exp $ diff --git a/configure.ac b/configure.ac index 883708559..ecfa50c4b 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.368 2006/09/29 10:16:51 dtucker Exp $ +# $Id: configure.ac,v 1.369 2006/10/03 16:34:35 tim Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.368 $) +AC_REVISION($Revision: 1.369 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -127,6 +127,136 @@ AC_ARG_WITH(rpath, ] ) +# Allow user to specify flags +AC_ARG_WITH(cflags, + [ --with-cflags Specify additional flags to pass to compiler], + [ + if test -n "$withval" && test "x$withval" != "xno" && \ + test "x${withval}" != "xyes"; then + CFLAGS="$CFLAGS $withval" + fi + ] +) +AC_ARG_WITH(cppflags, + [ --with-cppflags Specify additional flags to pass to preprocessor] , + [ + if test -n "$withval" && test "x$withval" != "xno" && \ + test "x${withval}" != "xyes"; then + CPPFLAGS="$CPPFLAGS $withval" + fi + ] +) +AC_ARG_WITH(ldflags, + [ --with-ldflags Specify additional flags to pass to linker], + [ + if test -n "$withval" && test "x$withval" != "xno" && \ + test "x${withval}" != "xyes"; then + LDFLAGS="$LDFLAGS $withval" + fi + ] +) +AC_ARG_WITH(libs, + [ --with-libs Specify additional libraries to link with], + [ + if test -n "$withval" && test "x$withval" != "xno" && \ + test "x${withval}" != "xyes"; then + LIBS="$LIBS $withval" + fi + ] +) +AC_ARG_WITH(Werror, + [ --with-Werror Build main code with -Werror], + [ + if test -n "$withval" && test "x$withval" != "xno"; then + werror_flags="-Werror" + if test "x${withval}" != "xyes"; then + werror_flags="$withval" + fi + fi + ] +) + +AC_CHECK_HEADERS( \ + bstring.h \ + crypt.h \ + crypto/sha2.h \ + dirent.h \ + endian.h \ + features.h \ + fcntl.h \ + floatingpoint.h \ + getopt.h \ + glob.h \ + ia.h \ + iaf.h \ + limits.h \ + login.h \ + maillock.h \ + ndir.h \ + net/if_tun.h \ + netdb.h \ + netgroup.h \ + pam/pam_appl.h \ + paths.h \ + pty.h \ + readpassphrase.h \ + rpc/types.h \ + security/pam_appl.h \ + sha2.h \ + shadow.h \ + stddef.h \ + stdint.h \ + string.h \ + strings.h \ + sys/audit.h \ + sys/bitypes.h \ + sys/bsdtty.h \ + sys/cdefs.h \ + sys/dir.h \ + sys/mman.h \ + sys/ndir.h \ + sys/prctl.h \ + sys/pstat.h \ + sys/select.h \ + sys/stat.h \ + sys/stream.h \ + sys/stropts.h \ + sys/strtio.h \ + sys/sysmacros.h \ + sys/time.h \ + sys/timers.h \ + sys/un.h \ + time.h \ + tmpdir.h \ + ttyent.h \ + unistd.h \ + usersec.h \ + util.h \ + utime.h \ + utmp.h \ + utmpx.h \ + vis.h \ +) + +# lastlog.h requires sys/time.h to be included first on Solaris +AC_CHECK_HEADERS(lastlog.h, [], [], [ +#ifdef HAVE_SYS_TIME_H +# include +#endif +]) + +# sys/ptms.h requires sys/stream.h to be included first on Solaris +AC_CHECK_HEADERS(sys/ptms.h, [], [], [ +#ifdef HAVE_SYS_STREAM_H +# include +#endif +]) + +# login_cap.h requires sys/types.h on NetBSD +AC_CHECK_HEADERS(login_cap.h, [], [], [ +#include +]) + # Messages for features tested for in target-specific section SIA_MSG="no" SPC_MSG="no" @@ -663,55 +793,6 @@ mips-sony-bsd|mips-sony-newsos4) ;; esac -# Allow user to specify flags -AC_ARG_WITH(cflags, - [ --with-cflags Specify additional flags to pass to compiler], - [ - if test -n "$withval" && test "x$withval" != "xno" && \ - test "x${withval}" != "xyes"; then - CFLAGS="$CFLAGS $withval" - fi - ] -) -AC_ARG_WITH(cppflags, - [ --with-cppflags Specify additional flags to pass to preprocessor] , - [ - if test -n "$withval" && test "x$withval" != "xno" && \ - test "x${withval}" != "xyes"; then - CPPFLAGS="$CPPFLAGS $withval" - fi - ] -) -AC_ARG_WITH(ldflags, - [ --with-ldflags Specify additional flags to pass to linker], - [ - if test -n "$withval" && test "x$withval" != "xno" && \ - test "x${withval}" != "xyes"; then - LDFLAGS="$LDFLAGS $withval" - fi - ] -) -AC_ARG_WITH(libs, - [ --with-libs Specify additional libraries to link with], - [ - if test -n "$withval" && test "x$withval" != "xno" && \ - test "x${withval}" != "xyes"; then - LIBS="$LIBS $withval" - fi - ] -) -AC_ARG_WITH(Werror, - [ --with-Werror Build main code with -Werror], - [ - if test -n "$withval" && test "x$withval" != "xno"; then - werror_flags="-Werror" - if test "x${withval}" != "xyes"; then - werror_flags="$withval" - fi - fi - ] -) - AC_MSG_CHECKING(compiler and flags for sanity) AC_RUN_IFELSE( [AC_LANG_SOURCE([ @@ -727,87 +808,6 @@ int main(){exit(0);} ) dnl Checks for header files. -AC_CHECK_HEADERS( \ - bstring.h \ - crypt.h \ - crypto/sha2.h \ - dirent.h \ - endian.h \ - features.h \ - fcntl.h \ - floatingpoint.h \ - getopt.h \ - glob.h \ - ia.h \ - iaf.h \ - limits.h \ - login.h \ - maillock.h \ - ndir.h \ - net/if_tun.h \ - netdb.h \ - netgroup.h \ - pam/pam_appl.h \ - paths.h \ - pty.h \ - readpassphrase.h \ - rpc/types.h \ - security/pam_appl.h \ - sha2.h \ - shadow.h \ - stddef.h \ - stdint.h \ - string.h \ - strings.h \ - sys/audit.h \ - sys/bitypes.h \ - sys/bsdtty.h \ - sys/cdefs.h \ - sys/dir.h \ - sys/mman.h \ - sys/ndir.h \ - sys/prctl.h \ - sys/pstat.h \ - sys/select.h \ - sys/stat.h \ - sys/stream.h \ - sys/stropts.h \ - sys/strtio.h \ - sys/sysmacros.h \ - sys/time.h \ - sys/timers.h \ - sys/un.h \ - time.h \ - tmpdir.h \ - ttyent.h \ - unistd.h \ - usersec.h \ - util.h \ - utime.h \ - utmp.h \ - utmpx.h \ - vis.h \ -) - -# lastlog.h requires sys/time.h to be included first on Solaris -AC_CHECK_HEADERS(lastlog.h, [], [], [ -#ifdef HAVE_SYS_TIME_H -# include -#endif -]) - -# sys/ptms.h requires sys/stream.h to be included first on Solaris -AC_CHECK_HEADERS(sys/ptms.h, [], [], [ -#ifdef HAVE_SYS_STREAM_H -# include -#endif -]) - -# login_cap.h requires sys/types.h on NetBSD -AC_CHECK_HEADERS(login_cap.h, [], [], [ -#include -]) - # Checks for libraries. AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match)) AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt)) -- cgit v1.2.3 From adc947d5a532880e7a2ffd1828789ada8fea6931 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sat, 7 Oct 2006 09:07:20 +1000 Subject: - (dtucker) [configure.ac] Set put -lselinux into $LIBS while testing for SELinux functions so they're detected correctly. Patch from pebenito at gentoo.org. --- ChangeLog | 5 ++++- configure.ac | 7 +++++-- 2 files changed, 9 insertions(+), 3 deletions(-) (limited to 'configure.ac') diff --git a/ChangeLog b/ChangeLog index 15bf56263..08f48d61c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,9 @@ 20061006 - (tim) [buildpkg.sh.in] Use uname -r instead of -v in OS_VER for Solaris. Differentiate between OpenServer 5 and OpenServer 6 + - (dtucker) [configure.ac] Set put -lselinux into $LIBS while testing for + SELinux functions so they're detected correctly. Patch from pebenito at + gentoo.org. 20061003 - (tim) [configure.ac] Move CHECK_HEADERS test before platform specific @@ -2519,4 +2522,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4567 2006/10/06 21:58:38 tim Exp $ +$Id: ChangeLog,v 1.4568 2006/10/06 23:07:20 dtucker Exp $ diff --git a/configure.ac b/configure.ac index ecfa50c4b..c596a7bd9 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.369 2006/10/03 16:34:35 tim Exp $ +# $Id: configure.ac,v 1.370 2006/10/06 23:07:21 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.369 $) +AC_REVISION($Revision: 1.370 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -3145,7 +3145,10 @@ AC_ARG_WITH(selinux, AC_MSG_ERROR(SELinux support requires selinux.h header)) AC_CHECK_LIB(selinux, setexeccon, [ LIBSELINUX="-lselinux" ], AC_MSG_ERROR(SELinux support requires libselinux library)) + save_LIBS="$LIBS" + LIBS="$LIBS $LIBSELINUX" AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level) + LIBS="$save_LIBS" fi ] ) AC_SUBST(LIBSELINUX) -- cgit v1.2.3 From 573e3878b8faa7df21ba265b237b7b394a9fc9a7 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 2 Mar 2007 17:50:03 +1100 Subject: - (dtucker) [configure.ac] For Cygwin, read files in textmode (which allows CRLF as well as LF lineendings) and write in binary mode. Patch from vinschen at redhat.com. --- ChangeLog | 7 ++++++- configure.ac | 6 +++--- 2 files changed, 9 insertions(+), 4 deletions(-) (limited to 'configure.ac') diff --git a/ChangeLog b/ChangeLog index 6377c49a6..b1faab391 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ +20070302 + - (dtucker) [configure.ac] For Cygwin, read files in textmode (which allows + CRLF as well as LF lineendings) and write in binary mode. Patch from + vinschen at redhat.com. + 20070301 - (dtucker) OpenBSD CVS Sync - dtucker@cvs.openbsd.org 2007/03/01 10:28:02 @@ -2784,4 +2789,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4626 2007/03/01 17:34:52 tim Exp $ +$Id: ChangeLog,v 1.4627 2007/03/02 06:50:03 dtucker Exp $ diff --git a/configure.ac b/configure.ac index c596a7bd9..b6a25c9e0 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.370 2006/10/06 23:07:21 dtucker Exp $ +# $Id: configure.ac,v 1.371 2007/03/02 06:50:04 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.370 $) +AC_REVISION($Revision: 1.371 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -360,7 +360,7 @@ int main(void) { exit(0); } ;; *-*-cygwin*) check_for_libcrypt_later=1 - LIBS="$LIBS /usr/lib/textmode.o" + LIBS="$LIBS /usr/lib/textreadmode.o" AC_DEFINE(HAVE_CYGWIN, 1, [Define if you are on Cygwin]) AC_DEFINE(USE_PIPES, 1, [Use PIPES instead of a socketpair()]) AC_DEFINE(DISABLE_SHADOW, 1, -- cgit v1.2.3 From 9975e483498430b8fa75fccd2bad681781df24d1 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 5 Mar 2007 11:51:27 +1100 Subject: - (djm) [configure.ac] add a --without-openssl-header-check option to configure, as some platforms (OS X) ship OpenSSL headers whose version does not match that of the shipping library. ok dtucker@ --- ChangeLog | 7 ++++++- configure.ac | 25 +++++++++++++++++++++---- 2 files changed, 27 insertions(+), 5 deletions(-) (limited to 'configure.ac') diff --git a/ChangeLog b/ChangeLog index 493eddd33..3035eca05 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ +20070304 + - (djm) [configure.ac] add a --without-openssl-header-check option to + configure, as some platforms (OS X) ship OpenSSL headers whose version + does not match that of the shipping library. ok dtucker@ + 20070303 - (dtucker) [regress/agent-ptrace.sh] Make ttrace gdb error a little more general to cover newer gdb versions on HP-UX. @@ -2794,4 +2799,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4629 2007/03/02 22:42:23 dtucker Exp $ +$Id: ChangeLog,v 1.4630 2007/03/05 00:51:27 djm Exp $ diff --git a/configure.ac b/configure.ac index b6a25c9e0..a2b236355 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.371 2007/03/02 06:50:04 dtucker Exp $ +# $Id: configure.ac,v 1.372 2007/03/05 00:51:27 djm Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.371 $) +AC_REVISION($Revision: 1.372 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -1857,6 +1857,14 @@ int main(void) { ] ) +AC_ARG_WITH(openssl-header-check, + [ --without-openssl-header-check Disable OpenSSL version consistency check], + [ if test "x$withval" = "xno" ; then + openssl_check_nonfatal=1 + fi + ] +) + # Sanity check OpenSSL headers AC_MSG_CHECKING([whether OpenSSL's headers match the library]) AC_RUN_IFELSE( @@ -1870,9 +1878,18 @@ int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); } ], [ AC_MSG_RESULT(no) - AC_MSG_ERROR([Your OpenSSL headers do not match your library. -Check config.log for details. + if test "x$openssl_check_nonfatal" = "x"; then + AC_MSG_ERROR([Your OpenSSL headers do not match your +library. Check config.log for details. +If you are sure your installation is consistent, you can disable the check +by running "./configure --without-openssl-header-check". +Also see contrib/findssl.sh for help identifying header/library mismatches. +]) + else + AC_MSG_WARN([Your OpenSSL headers do not match your +library. Check config.log for details. Also see contrib/findssl.sh for help identifying header/library mismatches.]) + fi ], [ AC_MSG_WARN([cross compiling: not checking]) -- cgit v1.2.3