From 5ffe1c4b437a519c90b2017ce8afeef0f845207c Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Thu, 29 Sep 2011 11:11:51 +1000 Subject: - (djm) [configure.ac defines.h] No need to detect sizeof(char); patch from des AT des.no --- configure.ac | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'configure.ac') diff --git a/configure.ac b/configure.ac index 7a915272d..38e260ce7 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.480 2011/08/18 04:48:24 tim Exp $ +# $Id: configure.ac,v 1.481 2011/09/29 01:11:55 djm Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org]) -AC_REVISION($Revision: 1.480 $) +AC_REVISION($Revision: 1.481 $) AC_CONFIG_SRCDIR([ssh.c]) AC_LANG([C]) @@ -2522,7 +2522,6 @@ fi AC_CHECK_TYPES([long long, unsigned long long, long double]) # Check datatype sizes -AC_CHECK_SIZEOF([char], [1]) AC_CHECK_SIZEOF([short int], [2]) AC_CHECK_SIZEOF([int], [4]) AC_CHECK_SIZEOF([long int], [4]) -- cgit v1.2.3 From b54f50e5d0053e2c79fbb5032722aca541fdc6c1 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Thu, 29 Sep 2011 23:17:18 +1000 Subject: - (dtucker) [configure.ac openbsd-compat/Makefile.in openbsd-compat/strnlen.c] Add strnlen to the compat library. --- ChangeLog | 2 ++ configure.ac | 50 ++++++++++++++++++++++++++++++++++++++++++++-- openbsd-compat/Makefile.in | 4 ++-- openbsd-compat/strnlen.c | 37 ++++++++++++++++++++++++++++++++++ 4 files changed, 89 insertions(+), 4 deletions(-) create mode 100644 openbsd-compat/strnlen.c (limited to 'configure.ac') diff --git a/ChangeLog b/ChangeLog index 1e07c1bd3..b799c1c22 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,8 @@ 20110929 - (djm) [configure.ac defines.h] No need to detect sizeof(char); patch from des AT des.no + - (dtucker) [configure.ac openbsd-compat/Makefile.in + openbsd-compat/strnlen.c] Add strnlen to the compat library. 20110923 - (djm) [openbsd-compat/getcwd.c] Remove OpenBSD rcsid marker since we no diff --git a/configure.ac b/configure.ac index 38e260ce7..95a2a8d1d 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.481 2011/09/29 01:11:55 djm Exp $ +# $Id: configure.ac,v 1.482 2011/09/29 13:17:21 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org]) -AC_REVISION($Revision: 1.481 $) +AC_REVISION($Revision: 1.482 $) AC_CONFIG_SRCDIR([ssh.c]) AC_LANG([C]) @@ -1501,6 +1501,7 @@ AC_CHECK_FUNCS([ \ strlcat \ strlcpy \ strmode \ + strnlen \ strnvis \ strptime \ strtonum \ @@ -2505,6 +2506,51 @@ elif test "x$sandbox_arg" = "xrlimit" || \ AC_MSG_ERROR([rlimit sandbox requires setrlimit function]) SANDBOX_STYLE="rlimit" AC_DEFINE([SANDBOX_RLIMIT], [1], [Sandbox using setrlimit(2)]) + + AC_MSG_CHECKING([if select works with zero available fds]) + AC_RUN_IFELSE( + [AC_LANG_PROGRAM([[ +#include +#ifdef HAVE_SYS_SELECT_H +#include +#endif +#ifdef HAVE_SYS_STAT_H +#include +#endif +#include +#include +#include +#include +#include + ]], [[ + struct rlimit rl_zero; + int fd, r; + fd_set fds; + + fd = open("/dev/null", O_RDWR); + rl_zero.rlim_cur = rl_zero.rlim_max = 0; + setrlimit(RLIMIT_FSIZE, &rl_zero); + setrlimit(RLIMIT_NOFILE, &rl_zero); + FD_ZERO(&fds); + FD_SET(fd, &fds); + r = select(fd+1, &fds, NULL, NULL, NULL); + if (r == -1) + exit(1); + exit(0); + ]])], [ + AC_MSG_RESULT(yes) + AC_DEFINE([SELECT_REQUIRED_FDS], [0], + [number of available fds required for select]) + ], [ + AC_MSG_RESULT(no) + AC_DEFINE([SELECT_REQUIRED_FDS], [1], + [number of available fds required for select]) + ], [ + AC_MSG_RESULT([cross-compiling, assuming yes]) + AC_DEFINE([SELECT_REQUIRED_FDS], [0], + [assuming select works with zero free fds]) + ] + ) elif test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \ test "x$sandbox_arg" = "xnone" || test "x$sandbox_arg" = "xnull" ; then SANDBOX_STYLE="none" diff --git a/openbsd-compat/Makefile.in b/openbsd-compat/Makefile.in index 41b22d837..fcc70fca5 100644 --- a/openbsd-compat/Makefile.in +++ b/openbsd-compat/Makefile.in @@ -1,4 +1,4 @@ -# $Id: Makefile.in,v 1.46 2010/10/07 11:19:24 djm Exp $ +# $Id: Makefile.in,v 1.47 2011/09/29 13:17:22 dtucker Exp $ sysconfdir=@sysconfdir@ piddir=@piddir@ @@ -16,7 +16,7 @@ RANLIB=@RANLIB@ INSTALL=@INSTALL@ LDFLAGS=-L. @LDFLAGS@ -OPENBSD=base64.o basename.o bindresvport.o daemon.o dirname.o fmt_scaled.o getcwd.o getgrouplist.o getopt.o getrrsetbyname.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o pwcache.o readpassphrase.o realpath.o rresvport.o setenv.o setproctitle.o sha2.o sigact.o strlcat.o strlcpy.o strmode.o strptime.o strsep.o strtonum.o strtoll.o strtoul.o timingsafe_bcmp.o vis.o +OPENBSD=base64.o basename.o bindresvport.o daemon.o dirname.o fmt_scaled.o getcwd.o getgrouplist.o getopt.o getrrsetbyname.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o pwcache.o readpassphrase.o realpath.o rresvport.o setenv.o setproctitle.o sha2.o sigact.o strlcat.o strlcpy.o strmode.o strnlen.o strptime.o strsep.o strtonum.o strtoll.o strtoul.o timingsafe_bcmp.o vis.o COMPAT=bsd-arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-poll.o bsd-snprintf.o bsd-statvfs.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o diff --git a/openbsd-compat/strnlen.c b/openbsd-compat/strnlen.c new file mode 100644 index 000000000..93d515595 --- /dev/null +++ b/openbsd-compat/strnlen.c @@ -0,0 +1,37 @@ +/* $OpenBSD: strnlen.c,v 1.3 2010/06/02 12:58:12 millert Exp $ */ + +/* + * Copyright (c) 2010 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* OPENBSD ORIGINAL: lib/libc/string/strnlen.c */ + +#include "config.h" +#ifndef HAVE_STRNLEN +#include + +#include + +size_t +strnlen(const char *str, size_t maxlen) +{ + const char *cp; + + for (cp = str; maxlen != 0 && *cp != '\0'; cp++, maxlen--) + ; + + return (size_t)(cp - str); +} +#endif -- cgit v1.2.3 From b0b29cc0c5befffd9902a8e6e634c4473c8687a1 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sun, 2 Oct 2011 18:49:24 +1100 Subject: remove SELECT_REQUIRED_FDS added erroneously with strnlen. spotted by tim --- configure.ac | 49 ++----------------------------------------------- 1 file changed, 2 insertions(+), 47 deletions(-) (limited to 'configure.ac') diff --git a/configure.ac b/configure.ac index 95a2a8d1d..c471e7f35 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.482 2011/09/29 13:17:21 dtucker Exp $ +# $Id: configure.ac,v 1.483 2011/10/02 07:49:24 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org]) -AC_REVISION($Revision: 1.482 $) +AC_REVISION($Revision: 1.483 $) AC_CONFIG_SRCDIR([ssh.c]) AC_LANG([C]) @@ -2506,51 +2506,6 @@ elif test "x$sandbox_arg" = "xrlimit" || \ AC_MSG_ERROR([rlimit sandbox requires setrlimit function]) SANDBOX_STYLE="rlimit" AC_DEFINE([SANDBOX_RLIMIT], [1], [Sandbox using setrlimit(2)]) - - AC_MSG_CHECKING([if select works with zero available fds]) - AC_RUN_IFELSE( - [AC_LANG_PROGRAM([[ -#include -#ifdef HAVE_SYS_SELECT_H -#include -#endif -#ifdef HAVE_SYS_STAT_H -#include -#endif -#include -#include -#include -#include -#include - ]], [[ - struct rlimit rl_zero; - int fd, r; - fd_set fds; - - fd = open("/dev/null", O_RDWR); - rl_zero.rlim_cur = rl_zero.rlim_max = 0; - setrlimit(RLIMIT_FSIZE, &rl_zero); - setrlimit(RLIMIT_NOFILE, &rl_zero); - FD_ZERO(&fds); - FD_SET(fd, &fds); - r = select(fd+1, &fds, NULL, NULL, NULL); - if (r == -1) - exit(1); - exit(0); - ]])], [ - AC_MSG_RESULT(yes) - AC_DEFINE([SELECT_REQUIRED_FDS], [0], - [number of available fds required for select]) - ], [ - AC_MSG_RESULT(no) - AC_DEFINE([SELECT_REQUIRED_FDS], [1], - [number of available fds required for select]) - ], [ - AC_MSG_RESULT([cross-compiling, assuming yes]) - AC_DEFINE([SELECT_REQUIRED_FDS], [0], - [assuming select works with zero free fds]) - ] - ) elif test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \ test "x$sandbox_arg" = "xnone" || test "x$sandbox_arg" = "xnull" ; then SANDBOX_STYLE="none" -- cgit v1.2.3 From aa3cbd1b5bc83a30f7deb960e3e69e56df92bc56 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 4 Nov 2011 11:25:24 +1100 Subject: - (dtucker) [INSTALL LICENCE configure.ac openbsd-compat/Makefile.in openbsd-compat/getrrsetbyname-ldns.c openbsd-compat/getrrsetbyname.c] bz 1320: Add optional support for LDNS, a BSD licensed DNS resolver library which supports DNSSEC. Patch from Simon Vallet (svallet at genoscope cns fr) with some rework from myself and djm. ok djm. --- ChangeLog | 5 + INSTALL | 8 +- LICENCE | 1 + configure.ac | 39 ++++- openbsd-compat/Makefile.in | 4 +- openbsd-compat/getrrsetbyname-ldns.c | 284 +++++++++++++++++++++++++++++++++++ openbsd-compat/getrrsetbyname.c | 4 +- 7 files changed, 338 insertions(+), 7 deletions(-) create mode 100644 openbsd-compat/getrrsetbyname-ldns.c (limited to 'configure.ac') diff --git a/ChangeLog b/ChangeLog index b4bad9dec..43dacda54 100644 --- a/ChangeLog +++ b/ChangeLog @@ -24,6 +24,11 @@ - dtucker@cvs.openbsd.org 011/11/04 00:09:39 [moduli] regenerated moduli file; ok deraadt + - (dtucker) [INSTALL LICENCE configure.ac openbsd-compat/Makefile.in + openbsd-compat/getrrsetbyname-ldns.c openbsd-compat/getrrsetbyname.c] + bz 1320: Add optional support for LDNS, a BSD licensed DNS resolver library + which supports DNSSEC. Patch from Simon Vallet (svallet at genoscope cns fr) + with some rework from myself and djm. ok djm. 20111025 - (dtucker) [contrib/cygwin/Makefile] Continue if installing a doc file diff --git a/INSTALL b/INSTALL index 0031dea85..7c6046932 100644 --- a/INSTALL +++ b/INSTALL @@ -80,6 +80,12 @@ these multi-platform ports: http://www.thrysoee.dk/editline/ http://sourceforge.net/projects/libedit/ +LDNS: + +LDNS is a DNS BSD-licensed resolver library which supports DNSSEC. + +http://nlnetlabs.nl/projects/ldns/ + Autoconf: If you modify configure.ac or configure doesn't exist (eg if you checked @@ -260,4 +266,4 @@ Please refer to the "reporting bugs" section of the webpage at http://www.openssh.com/ -$Id: INSTALL,v 1.86 2011/05/05 03:48:37 djm Exp $ +$Id: INSTALL,v 1.87 2011/11/04 00:25:25 dtucker Exp $ diff --git a/LICENCE b/LICENCE index 120d6fd54..f52387139 100644 --- a/LICENCE +++ b/LICENCE @@ -207,6 +207,7 @@ OpenSSH contains no GPL code. The SCO Group Daniel Walsh Red Hat, Inc + Simon Vallet / Genoscope * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions diff --git a/configure.ac b/configure.ac index c471e7f35..dc53f0398 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.483 2011/10/02 07:49:24 dtucker Exp $ +# $Id: configure.ac,v 1.484 2011/11/04 00:25:25 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org]) -AC_REVISION($Revision: 1.483 $) +AC_REVISION($Revision: 1.484 $) AC_CONFIG_SRCDIR([ssh.c]) AC_LANG([C]) @@ -1319,6 +1319,41 @@ int deny_severity = 0, allow_severity = 0; ] ) +# Check whether user wants to use ldns +LDNS_MSG="no" +AC_ARG_WITH(ldns, + [ --with-ldns[[=PATH]] Use ldns for DNSSEC support (optionally in PATH)], + [ + if test "x$withval" != "xno" ; then + + if test "x$withval" != "xyes" ; then + CPPFLAGS="$CPPFLAGS -I${withval}/include" + LDFLAGS="$LDFLAGS -L${withval}/lib" + fi + + AC_DEFINE(HAVE_LDNS, 1, [Define if you want ldns support]) + LIBS="-lldns $LIBS" + LDNS_MSG="yes" + + AC_MSG_CHECKING([for ldns support]) + AC_LINK_IFELSE( + [AC_LANG_SOURCE([[ +#include +#include +#include +#include +int main() { ldns_status status = ldns_verify_trusted(NULL, NULL, NULL, NULL); status=LDNS_STATUS_OK; exit(0); } + ]]) + ], + [AC_MSG_RESULT(yes)], + [ + AC_MSG_RESULT(no) + AC_MSG_ERROR([** Incomplete or missing ldns libraries.]) + ]) + fi + ] +) + # Check whether user wants libedit support LIBEDIT_MSG="no" AC_ARG_WITH([libedit], diff --git a/openbsd-compat/Makefile.in b/openbsd-compat/Makefile.in index fcc70fca5..196a81d13 100644 --- a/openbsd-compat/Makefile.in +++ b/openbsd-compat/Makefile.in @@ -1,4 +1,4 @@ -# $Id: Makefile.in,v 1.47 2011/09/29 13:17:22 dtucker Exp $ +# $Id: Makefile.in,v 1.48 2011/11/04 00:25:25 dtucker Exp $ sysconfdir=@sysconfdir@ piddir=@piddir@ @@ -18,7 +18,7 @@ LDFLAGS=-L. @LDFLAGS@ OPENBSD=base64.o basename.o bindresvport.o daemon.o dirname.o fmt_scaled.o getcwd.o getgrouplist.o getopt.o getrrsetbyname.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o pwcache.o readpassphrase.o realpath.o rresvport.o setenv.o setproctitle.o sha2.o sigact.o strlcat.o strlcpy.o strmode.o strnlen.o strptime.o strsep.o strtonum.o strtoll.o strtoul.o timingsafe_bcmp.o vis.o -COMPAT=bsd-arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-poll.o bsd-snprintf.o bsd-statvfs.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o +COMPAT=bsd-arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o getrrsetbyname-ldns.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-poll.o bsd-snprintf.o bsd-statvfs.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o PORTS=port-aix.o port-irix.o port-linux.o port-solaris.o port-tun.o port-uw.o diff --git a/openbsd-compat/getrrsetbyname-ldns.c b/openbsd-compat/getrrsetbyname-ldns.c new file mode 100644 index 000000000..8ce5678c9 --- /dev/null +++ b/openbsd-compat/getrrsetbyname-ldns.c @@ -0,0 +1,284 @@ +/* $OpenBSD: getrrsetbyname.c,v 1.10 2005/03/30 02:58:28 tedu Exp $ */ + +/* + * Copyright (c) 2007 Simon Vallet / Genoscope + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/* + * Portions Copyright (c) 1999-2001 Internet Software Consortium. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM + * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL + * INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING + * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, + * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION + * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include "includes.h" + +#if !defined (HAVE_GETRRSETBYNAME) && defined (HAVE_LDNS) + +#include +#include + +#include + +#include "getrrsetbyname.h" +#include "log.h" +#include "xmalloc.h" + +#define malloc(x) (xmalloc(x)) +#define calloc(x, y) (xcalloc((x),(y))) +#define free(x) (xfree(x)) + +int +getrrsetbyname(const char *hostname, unsigned int rdclass, + unsigned int rdtype, unsigned int flags, + struct rrsetinfo **res) +{ + int result; + unsigned int i, j, index_ans, index_sig; + struct rrsetinfo *rrset = NULL; + struct rdatainfo *rdata; + size_t len; + ldns_resolver *ldns_res; + ldns_rdf *domain = NULL; + ldns_pkt *pkt = NULL; + ldns_rr_list *rrsigs = NULL, *rrdata = NULL; + ldns_status err; + ldns_rr *rr; + + /* check for invalid class and type */ + if (rdclass > 0xffff || rdtype > 0xffff) { + result = ERRSET_INVAL; + goto fail; + } + + /* don't allow queries of class or type ANY */ + if (rdclass == 0xff || rdtype == 0xff) { + result = ERRSET_INVAL; + goto fail; + } + + /* don't allow flags yet, unimplemented */ + if (flags) { + result = ERRSET_INVAL; + goto fail; + } + + /* Initialize resolver from resolv.conf */ + domain = ldns_dname_new_frm_str(hostname); + if ((err = ldns_resolver_new_frm_file(&ldns_res, NULL)) != \ + LDNS_STATUS_OK) { + result = ERRSET_FAIL; + goto fail; + } + +#ifdef LDNS_DEBUG + ldns_resolver_set_debug(ldns_res, true); +#endif /* LDNS_DEBUG */ + + ldns_resolver_set_dnssec(ldns_res, true); /* Use DNSSEC */ + + /* make query */ + pkt = ldns_resolver_query(ldns_res, domain, rdtype, rdclass, LDNS_RD); + + /*** TODO: finer errcodes -- see original **/ + if (!pkt || ldns_pkt_ancount(pkt) < 1) { + result = ERRSET_FAIL; + goto fail; + } + + /* initialize rrset */ + rrset = calloc(1, sizeof(struct rrsetinfo)); + if (rrset == NULL) { + result = ERRSET_NOMEMORY; + goto fail; + } + + rrdata = ldns_pkt_rr_list_by_type(pkt, rdtype, LDNS_SECTION_ANSWER); + rrset->rri_nrdatas = ldns_rr_list_rr_count(rrdata); + if (!rrset->rri_nrdatas) { + result = ERRSET_NODATA; + goto fail; + } + + /* copy name from answer section */ + len = ldns_rdf_size(ldns_rr_owner(ldns_rr_list_rr(rrdata, 0))); + if ((rrset->rri_name = malloc(len)) == NULL) { + result = ERRSET_NOMEMORY; + goto fail; + } + memcpy(rrset->rri_name, + ldns_rdf_data(ldns_rr_owner(ldns_rr_list_rr(rrdata, 0))), len); + + rrset->rri_rdclass = ldns_rr_get_class(ldns_rr_list_rr(rrdata, 0)); + rrset->rri_rdtype = ldns_rr_get_type(ldns_rr_list_rr(rrdata, 0)); + rrset->rri_ttl = ldns_rr_ttl(ldns_rr_list_rr(rrdata, 0)); + + debug2("ldns: got %u answers from DNS", rrset->rri_nrdatas); + + /* Check for authenticated data */ + if (ldns_pkt_ad(pkt)) { + rrset->rri_flags |= RRSET_VALIDATED; + } else { /* AD is not set, try autonomous validation */ + ldns_rr_list * trusted_keys = ldns_rr_list_new(); + + debug2("ldns: trying to validate RRset"); + /* Get eventual sigs */ + rrsigs = ldns_pkt_rr_list_by_type(pkt, LDNS_RR_TYPE_RRSIG, + LDNS_SECTION_ANSWER); + + rrset->rri_nsigs = ldns_rr_list_rr_count(rrsigs); + debug2("ldns: got %u signature(s) (RRTYPE %u) from DNS", + rrset->rri_nsigs, LDNS_RR_TYPE_RRSIG); + + if ((err = ldns_verify_trusted(ldns_res, rrdata, rrsigs, + trusted_keys)) == LDNS_STATUS_OK) { + rrset->rri_flags |= RRSET_VALIDATED; + debug2("ldns: RRset is signed with a valid key"); + } else { + debug2("ldns: RRset validation failed: %s", + ldns_get_errorstr_by_id(err)); + } + + ldns_rr_list_deep_free(trusted_keys); + } + + /* allocate memory for answers */ + rrset->rri_rdatas = calloc(rrset->rri_nrdatas, + sizeof(struct rdatainfo)); + + if (rrset->rri_rdatas == NULL) { + result = ERRSET_NOMEMORY; + goto fail; + } + + /* allocate memory for signatures */ + if (rrset->rri_nsigs > 0) { + rrset->rri_sigs = calloc(rrset->rri_nsigs, + sizeof(struct rdatainfo)); + + if (rrset->rri_sigs == NULL) { + result = ERRSET_NOMEMORY; + goto fail; + } + } + + /* copy answers & signatures */ + for (i=0, index_ans=0, index_sig=0; i< pkt->_header->_ancount; i++) { + rdata = NULL; + rr = ldns_rr_list_rr(ldns_pkt_answer(pkt), i); + + if (ldns_rr_get_class(rr) == rrset->rri_rdclass && + ldns_rr_get_type(rr) == rrset->rri_rdtype) { + rdata = &rrset->rri_rdatas[index_ans++]; + } + + if (rr->_rr_class == rrset->rri_rdclass && + rr->_rr_type == LDNS_RR_TYPE_RRSIG) { + rdata = &rrset->rri_sigs[index_sig++]; + } + + if (rdata) { + size_t rdata_offset = 0; + + rdata->rdi_length = 0; + for (j=0; j< rr->_rd_count; j++) { + rdata->rdi_length += + ldns_rdf_size(ldns_rr_rdf(rr, j)); + } + + rdata->rdi_data = malloc(rdata->rdi_length); + if (rdata->rdi_data == NULL) { + result = ERRSET_NOMEMORY; + goto fail; + } + + /* Re-create the raw DNS RDATA */ + for (j=0; j< rr->_rd_count; j++) { + len = ldns_rdf_size(ldns_rr_rdf(rr, j)); + memcpy(rdata->rdi_data + rdata_offset, + ldns_rdf_data(ldns_rr_rdf(rr, j)), len); + rdata_offset += len; + } + } + } + + *res = rrset; + result = ERRSET_SUCCESS; + +fail: + /* freerrset(rrset); */ + ldns_rdf_deep_free(domain); + ldns_pkt_free(pkt); + ldns_rr_list_deep_free(rrsigs); + ldns_rr_list_deep_free(rrdata); + ldns_resolver_deep_free(ldns_res); + + return result; +} + + +void +freerrset(struct rrsetinfo *rrset) +{ + u_int16_t i; + + if (rrset == NULL) + return; + + if (rrset->rri_rdatas) { + for (i = 0; i < rrset->rri_nrdatas; i++) { + if (rrset->rri_rdatas[i].rdi_data == NULL) + break; + free(rrset->rri_rdatas[i].rdi_data); + } + free(rrset->rri_rdatas); + } + + if (rrset->rri_sigs) { + for (i = 0; i < rrset->rri_nsigs; i++) { + if (rrset->rri_sigs[i].rdi_data == NULL) + break; + free(rrset->rri_sigs[i].rdi_data); + } + free(rrset->rri_sigs); + } + + if (rrset->rri_name) + free(rrset->rri_name); + free(rrset); +} + + +#endif /* !defined (HAVE_GETRRSETBYNAME) && defined (HAVE_LDNS) */ diff --git a/openbsd-compat/getrrsetbyname.c b/openbsd-compat/getrrsetbyname.c index 98876673d..dc6fe0533 100644 --- a/openbsd-compat/getrrsetbyname.c +++ b/openbsd-compat/getrrsetbyname.c @@ -47,7 +47,7 @@ #include "includes.h" -#ifndef HAVE_GETRRSETBYNAME +#if !defined (HAVE_GETRRSETBYNAME) && !defined (HAVE_LDNS) #include #include @@ -607,4 +607,4 @@ count_dns_rr(struct dns_rr *p, u_int16_t class, u_int16_t type) return (n); } -#endif /* !defined(HAVE_GETRRSETBYNAME) */ +#endif /* !defined (HAVE_GETRRSETBYNAME) && !defined (HAVE_LDNS) */ -- cgit v1.2.3 From 4a725ef6a54d527fa5f2b3ab56dfff67e372ccdd Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 21 Nov 2011 16:38:48 +1100 Subject: - (dtucker) [configure.ac] Set _FORTIFY_SOURCE. ok djm@ --- ChangeLog | 3 +++ configure.ac | 5 +++-- 2 files changed, 6 insertions(+), 2 deletions(-) (limited to 'configure.ac') diff --git a/ChangeLog b/ChangeLog index 43dacda54..d55a397bf 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,6 @@ +20111121 + - (dtucker) [configure.ac] Set _FORTIFY_SOURCE. ok djm@ + 20111104 - (dtucker) OpenBSD CVS Sync - djm@cvs.openbsd.org 2011/10/18 05:15:28 diff --git a/configure.ac b/configure.ac index dc53f0398..5aeb7a8f7 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.484 2011/11/04 00:25:25 dtucker Exp $ +# $Id: configure.ac,v 1.485 2011/11/21 05:38:50 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org]) -AC_REVISION($Revision: 1.484 $) +AC_REVISION($Revision: 1.485 $) AC_CONFIG_SRCDIR([ssh.c]) AC_LANG([C]) @@ -134,6 +134,7 @@ if test "$GCC" = "yes" || test "$GCC" = "egcs"; then OSSH_CHECK_CFLAG_COMPILE([-Wpointer-sign], [-Wno-pointer-sign]) OSSH_CHECK_CFLAG_COMPILE([-Wunused-result], [-Wno-unused-result]) OSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing]) + OSSH_CHECK_CFLAG_COMPILE([-D_FORTIFY_SOURCE=2]) AC_MSG_CHECKING([gcc version]) GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'` case $GCC_VER in -- cgit v1.2.3 From e9b3ad73baf25fa780f853e40f91ce74f0381c76 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Tue, 17 Jan 2012 14:03:34 +1100 Subject: - (dtucker) [configure.ac mac.c openbsd-compat/openssl-compat.h] Add null implementation of HMAC_CTX_init for the benefit of old versions of OpenSSL that don't have it. --- ChangeLog | 5 +++++ configure.ac | 6 +++--- mac.c | 2 ++ openbsd-compat/openssl-compat.h | 7 ++++++- 4 files changed, 16 insertions(+), 4 deletions(-) (limited to 'configure.ac') diff --git a/ChangeLog b/ChangeLog index a06554857..4bdc73ec7 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ +20120117 + - (dtucker) [configure.ac mac.c openbsd-compat/openssl-compat.h] Add + null implementation of HMAC_CTX_init for the benefit of old versions + of OpenSSL that don't have it. + 20111219 - OpenBSD CVS Sync - djm@cvs.openbsd.org 2011/12/02 00:41:56 diff --git a/configure.ac b/configure.ac index 5aeb7a8f7..54fc7d0cf 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.485 2011/11/21 05:38:50 dtucker Exp $ +# $Id: configure.ac,v 1.486 2012/01/17 03:03:37 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org]) -AC_REVISION($Revision: 1.485 $) +AC_REVISION($Revision: 1.486 $) AC_CONFIG_SRCDIR([ssh.c]) AC_LANG([C]) @@ -2205,7 +2205,7 @@ AC_LINK_IFELSE( ] ) -AC_CHECK_FUNCS([RSA_generate_key_ex DSA_generate_parameters_ex BN_is_prime_ex RSA_get_default_method]) +AC_CHECK_FUNCS([RSA_generate_key_ex DSA_generate_parameters_ex BN_is_prime_ex RSA_get_default_method HMAC_CTX_init]) AC_ARG_WITH([ssl-engine], [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ], diff --git a/mac.c b/mac.c index da7b5d8bb..332d3c621 100644 --- a/mac.c +++ b/mac.c @@ -44,6 +44,8 @@ #include "umac.h" +#include "openbsd-compat/openssl-compat.h" + #define SSH_EVP 1 /* OpenSSL EVP-based MAC */ #define SSH_UMAC 2 /* UMAC (not integrated with OpenSSL) */ diff --git a/openbsd-compat/openssl-compat.h b/openbsd-compat/openssl-compat.h index c5fc24eb4..a151eff38 100644 --- a/openbsd-compat/openssl-compat.h +++ b/openbsd-compat/openssl-compat.h @@ -1,4 +1,4 @@ -/* $Id: openssl-compat.h,v 1.19 2011/05/10 01:13:38 dtucker Exp $ */ +/* $Id: openssl-compat.h,v 1.20 2012/01/17 03:03:39 dtucker Exp $ */ /* * Copyright (c) 2005 Darren Tucker @@ -130,5 +130,10 @@ int ssh_EVP_CipherInit(EVP_CIPHER_CTX *, const EVP_CIPHER *, unsigned char *, int ssh_EVP_Cipher(EVP_CIPHER_CTX *, char *, char *, int); int ssh_EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *); void ssh_OpenSSL_add_all_algorithms(void); + +# ifndef HAVE_HMAC_CTX_INIT +# define HMAC_CTX_init(a) +# endif + #endif /* SSH_DONT_OVERLOAD_OPENSSL_FUNCS */ -- cgit v1.2.3 From 93a2d41505981a9f4fd5f1cffec713622215910e Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 24 Feb 2012 10:40:41 +1100 Subject: - (dtucker) [audit-bsm.c configure.ac] bug #1968: enable workarounds for BSM audit breakage in Solaris 11. Patch from Magnus Johansson. --- ChangeLog | 4 +++ audit-bsm.c | 79 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++- configure.ac | 9 +++++-- 3 files changed, 89 insertions(+), 3 deletions(-) (limited to 'configure.ac') diff --git a/ChangeLog b/ChangeLog index 3f5630da4..05749a6a9 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +20120224 + - (dtucker) [audit-bsm.c configure.ac] bug #1968: enable workarounds for BSM + audit breakage in Solaris 11. Patch from Magnus Johansson. + 20120215 - (tim) [openbsd-compat/bsd-misc.h sshd.c] Fix conflicting return type for unsetenv due to rev 1.14 change to setenv.c. Cast unsetenv to void in sshd.c diff --git a/audit-bsm.c b/audit-bsm.c index f196d4f1e..613559140 100644 --- a/audit-bsm.c +++ b/audit-bsm.c @@ -1,4 +1,4 @@ -/* $Id: audit-bsm.c,v 1.7 2011/01/17 10:15:29 dtucker Exp $ */ +/* $Id: audit-bsm.c,v 1.8 2012/02/23 23:40:43 dtucker Exp $ */ /* * TODO @@ -45,6 +45,10 @@ #include #include +#ifdef BROKEN_BSM_API +#include +#endif + #include "ssh.h" #include "log.h" #include "key.h" @@ -114,6 +118,12 @@ extern int aug_daemon_session(void); extern Authctxt *the_authctxt; static AuditInfoTermID ssh_bsm_tid; +#ifdef BROKEN_BSM_API +/* For some reason this constant is no longer defined + in Solaris 11. */ +#define BSM_TEXTBUFSZ 256 +#endif + /* Below is the low-level BSM interface code */ /* @@ -161,6 +171,65 @@ aug_get_machine(char *host, u_int32_t *addr, u_int32_t *type) } #endif +#ifdef BROKEN_BSM_API +/* + In Solaris 11 the audit daemon has been moved to SMF. In the process + they simply dropped getacna() from the API, since it read from a now + non-existent config file. This function re-implements getacna() to + read from the SMF repository instead. + */ +int +getacna(char *auditstring, int len) +{ + scf_handle_t *handle = NULL; + scf_property_t *property = NULL; + scf_value_t *value = NULL; + int ret = 0; + + handle = scf_handle_create(SCF_VERSION); + if (handle == NULL) + return -2; /* The man page for getacna on Solaris 10 states + we should return -2 in case of error and set + errno to indicate the error. We don't bother + with errno here, though, since the only use + of this function below doesn't check for errors + anyway. + */ + + ret = scf_handle_bind(handle); + if (ret == -1) + return -2; + + property = scf_property_create(handle); + if (property == NULL) + return -2; + + ret = scf_handle_decode_fmri(handle, + "svc:/system/auditd:default/:properties/preselection/naflags", + NULL, NULL, NULL, NULL, property, 0); + if (ret == -1) + return -2; + + value = scf_value_create(handle); + if (value == NULL) + return -2; + + ret = scf_property_get_value(property, value); + if (ret == -1) + return -2; + + ret = scf_value_get_astring(value, auditstring, len); + if (ret == -1) + return -2; + + scf_value_destroy(value); + scf_property_destroy(property); + scf_handle_destroy(handle); + + return 0; +} +#endif + /* * Check if the specified event is selected (enabled) for auditing. * Returns 1 if the event is selected, 0 if not and -1 on failure. @@ -213,7 +282,15 @@ bsm_audit_record(int typ, char *string, au_event_t event_no) (void) au_write(ad, au_to_text(string)); (void) au_write(ad, AUToReturnFunc(typ, rc)); +#ifdef BROKEN_BSM_API + /* The last argument is the event modifier flags. For + some seemingly undocumented reason it was added in + Solaris 11. */ + rc = au_close(ad, AU_TO_WRITE, event_no, 0); +#else rc = au_close(ad, AU_TO_WRITE, event_no); +#endif + if (rc < 0) error("BSM audit: %s failed to write \"%s\" record: %s", __func__, string, strerror(errno)); diff --git a/configure.ac b/configure.ac index 54fc7d0cf..acf529b04 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.486 2012/01/17 03:03:37 dtucker Exp $ +# $Id: configure.ac,v 1.487 2012/02/23 23:40:43 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org]) -AC_REVISION($Revision: 1.486 $) +AC_REVISION($Revision: 1.487 $) AC_CONFIG_SRCDIR([ssh.c]) AC_LANG([C]) @@ -1434,6 +1434,11 @@ AC_ARG_WITH([audit], # These are optional AC_CHECK_FUNCS([getaudit_addr aug_get_machine]) AC_DEFINE([USE_BSM_AUDIT], [1], [Use BSM audit module]) + if test "$sol2ver" -eq 11; then + SSHDLIBS="$SSHDLIBS -lscf" + AC_DEFINE([BROKEN_BSM_API], [1], + [The system has incomplete BSM API]) + fi ;; linux) AC_MSG_RESULT([linux]) -- cgit v1.2.3 From e0956e38349d4a32f3c4a726af45a3695ff2d3c2 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 4 Apr 2012 11:27:54 +1000 Subject: - (djm) [Makefile.in configure.ac sandbox-seccomp-filter.c] Add sandbox mode for Linux's new seccomp filter; patch from Will Drewry; feedback and ok dtucker@ --- ChangeLog | 5 ++ Makefile.in | 5 +- configure.ac | 68 ++++++++++++++- sandbox-seccomp-filter.c | 222 +++++++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 295 insertions(+), 5 deletions(-) create mode 100644 sandbox-seccomp-filter.c (limited to 'configure.ac') diff --git a/ChangeLog b/ChangeLog index 2bd907cc5..a89bb4b5a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ +20120404 + - (djm) [Makefile.in configure.ac sandbox-seccomp-filter.c] Add sandbox + mode for Linux's new seccomp filter; patch from Will Drewry; feedback + and ok dtucker@ + 20120330 - (dtucker) [contrib/redhat/openssh.spec] Bug #1992: remove now-gone WARNING file from spec file. From crighter at nuclioss com. diff --git a/Makefile.in b/Makefile.in index 3be3aa617..566f58fe6 100644 --- a/Makefile.in +++ b/Makefile.in @@ -1,4 +1,4 @@ -# $Id: Makefile.in,v 1.325 2011/08/05 20:15:18 djm Exp $ +# $Id: Makefile.in,v 1.326 2012/04/04 01:27:57 djm Exp $ # uncomment if you run a non bourne compatable shell. Ie. csh #SHELL = @SH@ @@ -90,7 +90,8 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o \ loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o \ sftp-server.o sftp-common.o \ roaming_common.o roaming_serv.o \ - sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o + sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o \ + sandbox-seccomp-filter.o MANPAGES = moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-keysign.8.out ssh-pkcs11-helper.8.out sshd_config.5.out ssh_config.5.out MANPAGES_IN = moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-keysign.8 ssh-pkcs11-helper.8 sshd_config.5 ssh_config.5 diff --git a/configure.ac b/configure.ac index acf529b04..23ac1490a 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.487 2012/02/23 23:40:43 dtucker Exp $ +# $Id: configure.ac,v 1.488 2012/04/04 01:27:57 djm Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org]) -AC_REVISION($Revision: 1.487 $) +AC_REVISION($Revision: 1.488 $) AC_CONFIG_SRCDIR([ssh.c]) AC_LANG([C]) @@ -116,6 +116,35 @@ AC_CHECK_DECL([RLIMIT_NPROC], #include #include ]) +AC_CHECK_DECL([PR_SET_NO_NEW_PRIVS], [have_linux_no_new_privs=1], , [ + #include + #include +]) +if test "x$have_linux_no_new_privs" = "x1" ; then +AC_CHECK_DECL([SECCOMP_MODE_FILTER], [have_seccomp_filter=1], , [ + #include + #include +]) +fi +if test "x$have_seccomp_filter" = "x1" ; then +AC_MSG_CHECKING([kernel for seccomp_filter support]) +AC_RUN_IFELSE([AC_LANG_PROGRAM([[ + #include + #include + #include + #include + ]], + [[ errno = 0; + prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL, 0, 0); + exit(errno == EFAULT ? 0 : 1); ]])], + [ AC_MSG_RESULT([yes]) ], [ + AC_MSG_RESULT([no]) + # Disable seccomp filter as a target + have_seccomp_filter=0 + ], + [ AC_MSG_RESULT([cross-compiling, assuming yes]) ] +) +fi use_stack_protector=1 AC_ARG_WITH([stackprotect], @@ -657,6 +686,22 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) AC_DEFINE([SSH_TUN_PREPEND_AF], [1], [Prepend the address family to IP tunnel traffic]) fi + AC_CHECK_HEADERS([linux/seccomp.h linux/filter.h linux/audit.h]) + AC_CHECK_FUNCS([prctl]) + have_seccomp_audit_arch=1 + case "$host" in + x86_64-*) + AC_DEFINE([SECCOMP_AUDIT_ARCH], [AUDIT_ARCH_X86_64], + [Specify the system call convention in use]) + ;; + i*86-*) + AC_DEFINE([SECCOMP_AUDIT_ARCH], [AUDIT_ARCH_I386], + [Specify the system call convention in use]) + ;; + *) + have_seccomp_audit_arch=0 + ;; + esac ;; mips-sony-bsd|mips-sony-newsos4) AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to acquire controlling tty]) @@ -2518,7 +2563,7 @@ AC_SUBST([SSH_PRIVSEP_USER]) # Decide which sandbox style to use sandbox_arg="" AC_ARG_WITH([sandbox], - [ --with-sandbox=style Specify privilege separation sandbox (no, darwin, rlimit, systrace)], + [ --with-sandbox=style Specify privilege separation sandbox (no, darwin, rlimit, systrace, seccomp_filter)], [ if test "x$withval" = "xyes" ; then sandbox_arg="" @@ -2541,6 +2586,23 @@ elif test "x$sandbox_arg" = "xdarwin" || \ AC_MSG_ERROR([Darwin seatbelt sandbox requires sandbox.h and sandbox_init function]) SANDBOX_STYLE="darwin" AC_DEFINE([SANDBOX_DARWIN], [1], [Sandbox using Darwin sandbox_init(3)]) +elif test "x$sandbox_arg" = "xseccomp_filter" || \ + ( test -z "$sandbox_arg" && \ + test "x$have_seccomp_filter" == "x1" && \ + test "x$ac_cv_header_linux_audit_h" = "xyes" && \ + test "x$have_seccomp_audit_arch" = "x1" && \ + test "x$have_linux_no_new_privs" = "x1" && \ + test "x$ac_cv_func_prctl" = "xyes" ) ; then + test "x$have_seccomp_audit_arch" != "x1" && \ + AC_MSG_ERROR([seccomp_filter sandbox not supported on $host]) + test "x$have_linux_no_new_privs" != "x1" && \ + AC_MSG_ERROR([seccomp_filter sandbox requires PR_SET_NO_NEW_PRIVS]) + test "x$have_seccomp_filter" != "x1" && \ + AC_MSG_ERROR([seccomp_filter sandbox requires seccomp headers]) + test "x$ac_cv_func_prctl" != "xyes" && \ + AC_MSG_ERROR([seccomp_filter sandbox requires prctl function]) + SANDBOX_STYLE="seccomp_filter" + AC_DEFINE([SANDBOX_SECCOMP_FILTER], [1], [Sandbox using seccomp filter]) elif test "x$sandbox_arg" = "xrlimit" || \ ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" ) ; then test "x$ac_cv_func_setrlimit" != "xyes" && \ diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c new file mode 100644 index 000000000..686812957 --- /dev/null +++ b/sandbox-seccomp-filter.c @@ -0,0 +1,222 @@ +/* + * Copyright (c) 2012 Will Drewry + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * Uncomment the SANDBOX_SECCOMP_FILTER_DEBUG macro below to help diagnose + * filter breakage during development. *Do not* use this in production, + * as it relies on making library calls that are unsafe in signal context. + * + * Instead, live systems the auditctl(8) may be used to monitor failures. + * E.g. + * auditctl -a task,always -F uid= + */ +/* #define SANDBOX_SECCOMP_FILTER_DEBUG 1 */ + +#ifdef SANDBOX_SECCOMP_FILTER_DEBUG +/* Use the kernel headers in case of an older toolchain. */ +# include +# define __have_siginfo_t 1 +# define __have_sigval_t 1 +# define __have_sigevent_t 1 +#endif /* SANDBOX_SECCOMP_FILTER_DEBUG */ + +#include "includes.h" + +#ifdef SANDBOX_SECCOMP_FILTER + +#include +#include +#include + +#include +#include +#include + +#include + +#include +#include +#include +#include /* for offsetof */ +#include +#include +#include +#include + +#include "log.h" +#include "ssh-sandbox.h" +#include "xmalloc.h" + +/* Linux seccomp_filter sandbox */ +#define SECCOMP_FILTER_FAIL SECCOMP_RET_KILL + +/* Use a signal handler to emit violations when debugging */ +#ifdef SANDBOX_SECCOMP_FILTER_DEBUG +# undef SECCOMP_FILTER_FAIL +# define SECCOMP_FILTER_FAIL SECCOMP_RET_TRAP +#endif /* SANDBOX_SECCOMP_FILTER_DEBUG */ + +/* Simple helpers to avoid manual errors (but larger BPF programs). */ +#define SC_DENY(_nr, _errno) \ + BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, __NR_ ## _nr, 0, 1), \ + BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ERRNO|(_errno)) +#define SC_ALLOW(_nr) \ + BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, __NR_ ## _nr, 0, 1), \ + BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW) + +/* Syscall filtering set for preauth. */ +static const struct sock_filter preauth_insns[] = { + /* Ensure the syscall arch convention is as expected. */ + BPF_STMT(BPF_LD+BPF_W+BPF_ABS, + offsetof(struct seccomp_data, arch)), + BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, SECCOMP_AUDIT_ARCH, 1, 0), + BPF_STMT(BPF_RET+BPF_K, SECCOMP_FILTER_FAIL), + /* Load the syscall number for checking. */ + BPF_STMT(BPF_LD+BPF_W+BPF_ABS, + offsetof(struct seccomp_data, nr)), + SC_DENY(open, EACCES), + SC_ALLOW(getpid), + SC_ALLOW(gettimeofday), + SC_ALLOW(time), + SC_ALLOW(read), + SC_ALLOW(write), + SC_ALLOW(close), + SC_ALLOW(brk), + SC_ALLOW(poll), +#ifdef __NR__newselect + SC_ALLOW(_newselect), +#else + SC_ALLOW(select), +#endif + SC_ALLOW(madvise), + SC_ALLOW(mmap), + SC_ALLOW(munmap), + SC_ALLOW(exit_group), +#ifdef __NR_rt_sigprocmask + SC_ALLOW(rt_sigprocmask), +#else + SC_ALLOW(sigprocmask), +#endif + BPF_STMT(BPF_RET+BPF_K, SECCOMP_FILTER_FAIL), +}; + +static const struct sock_fprog preauth_program = { + .len = (unsigned short)(sizeof(preauth_insns)/sizeof(preauth_insns[0])), + .filter = (struct sock_filter *)preauth_insns, +}; + +struct ssh_sandbox { + pid_t child_pid; +}; + +struct ssh_sandbox * +ssh_sandbox_init(void) +{ + struct ssh_sandbox *box; + + /* + * Strictly, we don't need to maintain any state here but we need + * to return non-NULL to satisfy the API. + */ + debug3("%s: preparing seccomp filter sandbox", __func__); + box = xcalloc(1, sizeof(*box)); + box->child_pid = 0; + + return box; +} + +#ifdef SANDBOX_SECCOMP_FILTER_DEBUG +extern struct monitor *pmonitor; +void mm_log_handler(LogLevel level, const char *msg, void *ctx); + +static void +ssh_sandbox_violation(int signum, siginfo_t *info, void *void_context) +{ + char msg[256]; + + snprintf(msg, sizeof(msg), + "%s: unexpected system call (arch:0x%x,syscall:%d @ %p)", + __func__, info->si_arch, info->si_syscall, info->si_call_addr); + mm_log_handler(SYSLOG_LEVEL_FATAL, msg, pmonitor); + _exit(1); +} + +static void +ssh_sandbox_child_debugging(void) +{ + struct sigaction act; + sigset_t mask; + + debug3("%s: installing SIGSYS handler", __func__); + memset(&act, 0, sizeof(act)); + sigemptyset(&mask); + sigaddset(&mask, SIGSYS); + + act.sa_sigaction = &ssh_sandbox_violation; + act.sa_flags = SA_SIGINFO; + if (sigaction(SIGSYS, &act, NULL) == -1) + fatal("%s: sigaction(SIGSYS): %s", __func__, strerror(errno)); + if (sigprocmask(SIG_UNBLOCK, &mask, NULL) == -1) + fatal("%s: sigprocmask(SIGSYS): %s", + __func__, strerror(errno)); +} +#endif /* SANDBOX_SECCOMP_FILTER_DEBUG */ + +void +ssh_sandbox_child(struct ssh_sandbox *box) +{ + struct rlimit rl_zero; + + /* Set rlimits for completeness if possible. */ + rl_zero.rlim_cur = rl_zero.rlim_max = 0; + if (setrlimit(RLIMIT_FSIZE, &rl_zero) == -1) + fatal("%s: setrlimit(RLIMIT_FSIZE, { 0, 0 }): %s", + __func__, strerror(errno)); + if (setrlimit(RLIMIT_NOFILE, &rl_zero) == -1) + fatal("%s: setrlimit(RLIMIT_NOFILE, { 0, 0 }): %s", + __func__, strerror(errno)); + if (setrlimit(RLIMIT_NPROC, &rl_zero) == -1) + fatal("%s: setrlimit(RLIMIT_NPROC, { 0, 0 }): %s", + __func__, strerror(errno)); + +#ifdef SANDBOX_SECCOMP_FILTER_DEBUG + ssh_sandbox_child_debugging(); +#endif /* SANDBOX_SECCOMP_FILTER_DEBUG */ + + debug3("%s: setting PR_SET_NO_NEW_PRIVS", __func__); + if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) == -1) + fatal("%s: prctl(PR_SET_NO_NEW_PRIVS): %s", + __func__, strerror(errno)); + debug3("%s: attaching seccomp filter program", __func__); + if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &preauth_program) == -1) + fatal("%s: prctl(PR_SET_SECCOMP): %s", + __func__, strerror(errno)); +} + +void +ssh_sandbox_parent_finish(struct ssh_sandbox *box) +{ + free(box); + debug3("%s: finished", __func__); +} + +void +ssh_sandbox_parent_preauth(struct ssh_sandbox *box, pid_t child_pid) +{ + box->child_pid = child_pid; +} + +#endif /* SANDBOX_SECCOMP_FILTER */ -- cgit v1.2.3 From 398c0ffe0ec149f0d12f23c158879712b5431af4 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Thu, 19 Apr 2012 21:46:35 +1000 Subject: - (djm) [configure.ac] Fix compilation error on FreeBSD, whose libutil contains openpty() but not login() --- ChangeLog | 4 ++++ configure.ac | 15 +++++++++------ 2 files changed, 13 insertions(+), 6 deletions(-) (limited to 'configure.ac') diff --git a/ChangeLog b/ChangeLog index a89bb4b5a..fc7fad995 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +20120419 + - (djm) [configure.ac] Fix compilation error on FreeBSD, whose libutil + contains openpty() but not login() + 20120404 - (djm) [Makefile.in configure.ac sandbox-seccomp-filter.c] Add sandbox mode for Linux's new seccomp filter; patch from Will Drewry; feedback diff --git a/configure.ac b/configure.ac index 23ac1490a..1457b8a89 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.488 2012/04/04 01:27:57 djm Exp $ +# $Id: configure.ac,v 1.489 2012/04/19 11:46:38 djm Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org]) -AC_REVISION($Revision: 1.488 $) +AC_REVISION($Revision: 1.489 $) AC_CONFIG_SRCDIR([ssh.c]) AC_LANG([C]) @@ -1170,9 +1170,13 @@ AC_CHECK_FUNCS([utimes], dnl Checks for libutil functions AC_CHECK_HEADERS([libutil.h]) -AC_SEARCH_LIBS([login], [util bsd], [AC_DEFINE([HAVE_LOGIN], [1], - [Define if your libraries define login()])]) -AC_CHECK_FUNCS([fmt_scaled logout updwtmp logwtmp]) +AC_SEARCH_LIBS([fmt_scaled], [util bsd]) +AC_SEARCH_LIBS([login], [util bsd]) +AC_SEARCH_LIBS([logout], [util bsd]) +AC_SEARCH_LIBS([logwtmp], [util bsd]) +AC_SEARCH_LIBS([openpty], [util bsd]) +AC_SEARCH_LIBS([updwtmp], [util bsd]) +AC_CHECK_FUNCS([fmt_scaled login logout openpty updwtmp logwtmp]) AC_FUNC_STRFTIME @@ -1552,7 +1556,6 @@ AC_CHECK_FUNCS([ \ nsleep \ ogetaddrinfo \ openlog_r \ - openpty \ poll \ prctl \ pstat \ -- cgit v1.2.3