From 287b4591945c27b374f810f44053b33206fb5eec Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 27 May 2005 19:36:56 +1000 Subject: - (djm) [defines.h] Use our realpath if we have to define PATH_MAX, spotted by David Leach; ok dtucker@ --- defines.h | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) (limited to 'defines.h') diff --git a/defines.h b/defines.h index 7758bc37a..d75d458f4 100644 --- a/defines.h +++ b/defines.h @@ -25,7 +25,7 @@ #ifndef _DEFINES_H #define _DEFINES_H -/* $Id: defines.h,v 1.119 2005/02/20 10:01:49 dtucker Exp $ */ +/* $Id: defines.h,v 1.120 2005/05/27 09:36:56 djm Exp $ */ /* Constants */ @@ -54,7 +54,11 @@ enum # ifdef PATH_MAX # define MAXPATHLEN PATH_MAX # else /* PATH_MAX */ -# define MAXPATHLEN 64 /* Should be safe */ +# define MAXPATHLEN 64 +/* realpath uses a fixed buffer of size MAXPATHLEN, so force use of ours */ +# ifndef BROKEN_REALPATH +# define BROKEN_REALPATH 1 +# endif /* BROKEN_REALPATH */ # endif /* PATH_MAX */ #endif /* MAXPATHLEN */ -- cgit v1.2.3 From 2be1cbb7be25d32bc5741c96cc4d6951bd91fc30 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 27 May 2005 21:13:40 +1000 Subject: - (dtucker) [acconfig.h configure.ac defines.h includes.h sshpty.c openbsd-compat/bsd-misc.c] Add support for Ultrix. No, that's not a typo. Required changes from Bernhard Simon, integrated by me. ok djm@ --- ChangeLog | 5 ++++- acconfig.h | 5 +---- configure.ac | 14 ++++++++++---- defines.h | 10 +++++++++- includes.h | 4 ++++ openbsd-compat/bsd-misc.c | 20 +++++++++++++++++++- sshpty.c | 4 ++-- 7 files changed, 49 insertions(+), 13 deletions(-) (limited to 'defines.h') diff --git a/ChangeLog b/ChangeLog index c1f32524b..7705b9025 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,9 @@ 20050527 - (djm) [defines.h] Use our realpath if we have to define PATH_MAX, spotted by David Leach; ok dtucker@ + - (dtucker) [acconfig.h configure.ac defines.h includes.h sshpty.c + openbsd-compat/bsd-misc.c] Add support for Ultrix. No, that's not a typo. + Required changes from Bernhard Simon, integrated by me. ok djm@ 20050525 - (djm) [mpaux.c mpaux.h Makefile.in] Remove old mpaux.[ch] code, it has not @@ -2612,4 +2615,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3791 2005/05/27 09:36:56 djm Exp $ +$Id: ChangeLog,v 1.3792 2005/05/27 11:13:40 dtucker Exp $ diff --git a/acconfig.h b/acconfig.h index 5721f65fb..bb2e62d23 100644 --- a/acconfig.h +++ b/acconfig.h @@ -1,4 +1,4 @@ -/* $Id: acconfig.h,v 1.181 2005/02/25 23:07:38 dtucker Exp $ */ +/* $Id: acconfig.h,v 1.182 2005/05/27 11:13:41 dtucker Exp $ */ /* * Copyright (c) 1999-2003 Damien Miller. All rights reserved. @@ -119,9 +119,6 @@ /* Define if you are on NeXT */ #undef HAVE_NEXT -/* Define if you are on NEWS-OS */ -#undef HAVE_NEWS4 - /* Define if you want to enable PAM support */ #undef USE_PAM diff --git a/configure.ac b/configure.ac index 58a3ff47d..a936d2bfd 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.262 2005/05/26 10:48:25 djm Exp $ +# $Id: configure.ac,v 1.263 2005/05/27 11:13:41 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -278,7 +278,7 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) esac ;; mips-sony-bsd|mips-sony-newsos4) - AC_DEFINE(HAVE_NEWS4) + AC_DEFINE(NEED_SETPRGP, [], [Need setpgrp to acquire controlling tty]) SONY=1 ;; *-*-netbsd*) @@ -477,6 +477,12 @@ mips-sony-bsd|mips-sony-newsos4) AC_DEFINE(MISSING_HOWMANY) AC_DEFINE(MISSING_FD_MASK) ;; + +*-*-ultrix*) + AC_DEFINE(BROKEN_GETGROUPS, [], [getgroups(0,NULL) will return -1]) + AC_DEFINE(BROKEN_MMAP, [], [Ultrix mmap can't map files]) + AC_DEFINE(NEED_SETPRGP, [], [Need setpgrp to acquire controlling tty]) + AC_CHECK_HEADERS(sys/syslog.h) esac # Allow user to specify flags @@ -929,8 +935,8 @@ AC_CHECK_FUNCS(\ mkdtemp mmap ngetaddrinfo nsleep ogetaddrinfo openlog_r openpty \ pstat prctl readpassphrase realpath recvmsg rresvport_af sendmsg \ setdtablesize setegid setenv seteuid setgroups setlogin setpcred \ - setproctitle setregid setreuid setrlimit \ - setsid setvbuf sigaction sigvec snprintf socketpair strerror \ + setproctitle setregid setreuid setrlimit setsid setvbuf \ + sigaction sigvec snprintf socketpair strdup strerror \ strlcat strlcpy strmode strnvis strtonum strtoul sysconf tcgetpgrp \ truncate unsetenv updwtmpx utimes vhangup vsnprintf waitpid \ ) diff --git a/defines.h b/defines.h index d75d458f4..3a11e6d65 100644 --- a/defines.h +++ b/defines.h @@ -25,7 +25,7 @@ #ifndef _DEFINES_H #define _DEFINES_H -/* $Id: defines.h,v 1.120 2005/05/27 09:36:56 djm Exp $ */ +/* $Id: defines.h,v 1.121 2005/05/27 11:13:41 dtucker Exp $ */ /* Constants */ @@ -668,4 +668,12 @@ struct winsize { /** end of login recorder definitions */ +#ifdef BROKEN_GETGROUPS +# define getgroups(a,b) ((a)==0 && (b)==NULL ? NGROUPS_MAX : getgroups((a),(b))) +#endif + +#if defined(HAVE_MMAP) && defined(BROKEN_MMAP) +# undef HAVE_MMAP +#endif + #endif /* _DEFINES_H */ diff --git a/includes.h b/includes.h index 1625f8e30..89ae26d06 100644 --- a/includes.h +++ b/includes.h @@ -181,6 +181,10 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "\100(#)" msg } # include #endif +#if defined(HAVE_SYS_SYSLOG_H) +# include +#endif + /* * On HP-UX 11.11, shadow.h and prot.h provide conflicting declarations * of getspnam when _INCLUDE__STDC__ is defined, so we unset it here. diff --git a/openbsd-compat/bsd-misc.c b/openbsd-compat/bsd-misc.c index 41f92cce9..6ba9bd986 100644 --- a/openbsd-compat/bsd-misc.c +++ b/openbsd-compat/bsd-misc.c @@ -18,7 +18,7 @@ #include "includes.h" #include "xmalloc.h" -RCSID("$Id: bsd-misc.c,v 1.26 2005/02/25 23:07:38 dtucker Exp $"); +RCSID("$Id: bsd-misc.c,v 1.27 2005/05/27 11:13:41 dtucker Exp $"); #ifndef HAVE___PROGNAME char *__progname; @@ -212,3 +212,21 @@ mysignal(int sig, mysig_t act) return (signal(sig, act)); #endif } + +#ifndef HAVE_STRDUP +char * +strdup(const char *str) +{ + size_t len; + char *cp; + + len = strlen(str) + 1; + cp = malloc(len); + if (cp != NULL) + if (strlcpy(cp, str, len) != len) { + free(cp); + return NULL; + } + return cp; +} +#endif diff --git a/sshpty.c b/sshpty.c index efd1dfefa..36788c4d7 100644 --- a/sshpty.c +++ b/sshpty.c @@ -128,10 +128,10 @@ pty_make_controlling_tty(int *ttyfd, const char *tty) if (ioctl(*ttyfd, TIOCSCTTY, NULL) < 0) error("ioctl(TIOCSCTTY): %.100s", strerror(errno)); #endif /* TIOCSCTTY */ -#ifdef HAVE_NEWS4 +#ifdef NEED_SETPGRP if (setpgrp(0,0) < 0) error("SETPGRP %s",strerror(errno)); -#endif /* HAVE_NEWS4 */ +#endif /* NEED_SETPGRP */ #ifdef USE_VHANGUP old = signal(SIGHUP, SIG_IGN); vhangup(); -- cgit v1.2.3 From 4a42257b06fed3f2ec60ca27175d7db76761aebc Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Thu, 14 Jul 2005 17:22:11 +1000 Subject: - (dtucker) [configure.ac defines.h] Define __sentinel__ to nothing if the compiler doesn't understand it to prevent warnings. If any mainstream compiler versions acquire it we can test for those versions. Based on discussion with djm@. --- ChangeLog | 6 +++++- configure.ac | 5 ++++- defines.h | 6 +++++- 3 files changed, 14 insertions(+), 3 deletions(-) (limited to 'defines.h') diff --git a/ChangeLog b/ChangeLog index 152287c58..9ab5e94e1 100644 --- a/ChangeLog +++ b/ChangeLog @@ -23,6 +23,10 @@ - dtucker@cvs.openbsd.org 2005/07/14 04:00:43 [misc.h] use __sentinel__ attribute; ok deraadt@ djm@ markus@ + - (dtucker) [configure.ac defines.h] Define __sentinel__ to nothing if the + compiler doesn't understand it to prevent warnings. If any mainstream + compiler versions acquire it we can test for those versions. Based on + discussion with djm@. 20050707 - dtucker [auth-krb5.c auth.h gss-serv-krb5.c] Move KRB5CCNAME generation for @@ -2821,4 +2825,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3844 2005/07/14 07:07:21 dtucker Exp $ +$Id: ChangeLog,v 1.3845 2005/07/14 07:22:11 dtucker Exp $ diff --git a/configure.ac b/configure.ac index e7475a9e5..e3d696cdd 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.277 2005/07/07 10:33:36 dtucker Exp $ +# $Id: configure.ac,v 1.278 2005/07/14 07:22:11 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -368,6 +368,9 @@ mips-sony-bsd|mips-sony-newsos4) AC_DEFINE(USE_PIPES) AC_DEFINE(BROKEN_SAVED_UIDS) ;; +*-*-openbsd*) + AC_DEFINE(HAVE_ATTRIBUTE__SENTINEL__, 1, [OpenBSD's gcc has sentinel]) + ;; *-*-solaris*) if test "x$withval" != "xno" ; then need_dash_r=1 diff --git a/defines.h b/defines.h index 3a11e6d65..f7029abb4 100644 --- a/defines.h +++ b/defines.h @@ -25,7 +25,7 @@ #ifndef _DEFINES_H #define _DEFINES_H -/* $Id: defines.h,v 1.121 2005/05/27 11:13:41 dtucker Exp $ */ +/* $Id: defines.h,v 1.122 2005/07/14 07:22:11 dtucker Exp $ */ /* Constants */ @@ -436,6 +436,10 @@ struct winsize { # define __dead __attribute__((noreturn)) #endif +#if !defined(HAVE_ATTRIBUTE__SENTINEL__) && !defined(__sentinel__) +# define __sentinel__ +#endif + /* *-*-nto-qnx doesn't define this macro in the system headers */ #ifdef MISSING_HOWMANY # define howmany(x,y) (((x)+((y)-1))/(y)) -- cgit v1.2.3 From 73f671a0902163c342ec5f1948f7fdad6905adee Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Wed, 10 Aug 2005 21:52:36 +1000 Subject: - (dtucker) [LICENCE configure.ac defines.h openbsd-compat/realpath.c] Sync current (thread-safe) version of realpath.c from OpenBSD (which is in turn based on FreeBSD's). ok djm@ --- ChangeLog | 5 +- LICENCE | 1 + configure.ac | 3 +- defines.h | 6 +- openbsd-compat/realpath.c | 266 ++++++++++++++++++++++------------------------ 5 files changed, 140 insertions(+), 141 deletions(-) (limited to 'defines.h') diff --git a/ChangeLog b/ChangeLog index 37539b728..f62f121df 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,9 @@ 20050810 - (dtucker) [configure.ac] Test libedit library and headers for compatibility. Report from skeleten AT shillest.net, ok djm@ + - (dtucker) [LICENCE configure.ac defines.h openbsd-compat/realpath.c] + Sync current (thread-safe) version of realpath.c from OpenBSD (which is + in turn based on FreeBSD's). ok djm@ 20050809 - (tim) [configure.ac] Allow --with-audit=no. OK dtucker@ @@ -2904,4 +2907,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3864 2005/08/10 10:34:15 dtucker Exp $ +$Id: ChangeLog,v 1.3865 2005/08/10 11:52:36 dtucker Exp $ diff --git a/LICENCE b/LICENCE index ae03eb3a7..5def839e5 100644 --- a/LICENCE +++ b/LICENCE @@ -255,6 +255,7 @@ OpenSSH contains no GPL code. Damien Miller Eric P. Allman The Regents of the University of California + Constantin S. Svintsoff * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions diff --git a/configure.ac b/configure.ac index 60dbd0c34..a62ee8c43 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.284 2005/08/10 10:34:15 dtucker Exp $ +# $Id: configure.ac,v 1.285 2005/08/10 11:52:36 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -1085,7 +1085,6 @@ AC_CHECK_FUNCS( \ clock \ closefrom \ dirfd \ - fchdir \ fchmod \ fchown \ freeaddrinfo \ diff --git a/defines.h b/defines.h index f7029abb4..39d18e3d3 100644 --- a/defines.h +++ b/defines.h @@ -25,7 +25,7 @@ #ifndef _DEFINES_H #define _DEFINES_H -/* $Id: defines.h,v 1.122 2005/07/14 07:22:11 dtucker Exp $ */ +/* $Id: defines.h,v 1.123 2005/08/10 11:52:36 dtucker Exp $ */ /* Constants */ @@ -62,6 +62,10 @@ enum # endif /* PATH_MAX */ #endif /* MAXPATHLEN */ +#ifndef MAXSYMLINKS +# define MAXSYMLINKS 5 +#endif + #ifndef STDIN_FILENO # define STDIN_FILENO 0 #endif diff --git a/openbsd-compat/realpath.c b/openbsd-compat/realpath.c index 7f73bd998..8430bec24 100644 --- a/openbsd-compat/realpath.c +++ b/openbsd-compat/realpath.c @@ -1,11 +1,7 @@ /* OPENBSD ORIGINAL: lib/libc/stdlib/realpath.c */ /* - * Copyright (c) 1994 - * The Regents of the University of California. All rights reserved. - * - * This code is derived from software contributed to Berkeley by - * Jan-Simon Pendry. + * Copyright (c) 2003 Constantin S. Svintsoff * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -15,14 +11,14 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * 3. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. The names of the authors may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) @@ -36,169 +32,165 @@ #if !defined(HAVE_REALPATH) || defined(BROKEN_REALPATH) -#if defined(LIBC_SCCS) && !defined(lint) -static char *rcsid = "$OpenBSD: realpath.c,v 1.11 2004/11/30 15:12:59 millert Exp $"; -#endif /* LIBC_SCCS and not lint */ - #include #include #include -#include #include #include #include /* - * MAXSYMLINKS - */ -#ifndef MAXSYMLINKS -#define MAXSYMLINKS 5 -#endif - -/* - * char *realpath(const char *path, char resolved_path[MAXPATHLEN]); + * char *realpath(const char *path, char resolved[PATH_MAX]); * * Find the real name of path, by removing all ".", ".." and symlink * components. Returns (resolved) on success, or (NULL) on failure, * in which case the path which caused trouble is left in (resolved). */ char * -realpath(const char *path, char *resolved) +realpath(const char *path, char resolved[PATH_MAX]) { struct stat sb; - int fd, n, needslash, serrno; - char *p, *q, wbuf[MAXPATHLEN]; - int symlinks = 0; - - /* Save the starting point. */ -#ifndef HAVE_FCHDIR - char start[MAXPATHLEN]; - /* this is potentially racy but without fchdir we have no option */ - if (getcwd(start, sizeof(start)) == NULL) { - resolved[0] = '.'; + char *p, *q, *s; + size_t left_len, resolved_len; + unsigned symlinks; + int serrno, slen; + char left[PATH_MAX], next_token[PATH_MAX], symlink[PATH_MAX]; + + serrno = errno; + symlinks = 0; + if (path[0] == '/') { + resolved[0] = '/'; resolved[1] = '\0'; - return (NULL); + if (path[1] == '\0') + return (resolved); + resolved_len = 1; + left_len = strlcpy(left, path + 1, sizeof(left)); + } else { + if (getcwd(resolved, PATH_MAX) == NULL) { + strlcpy(resolved, ".", PATH_MAX); + return (NULL); + } + resolved_len = strlen(resolved); + left_len = strlcpy(left, path, sizeof(left)); } -#endif - if ((fd = open(".", O_RDONLY)) < 0) { - resolved[0] = '.'; - resolved[1] = '\0'; + if (left_len >= sizeof(left) || resolved_len >= PATH_MAX) { + errno = ENAMETOOLONG; return (NULL); } - /* Convert "." -> "" to optimize away a needless lstat() and chdir() */ - if (path[0] == '.' && path[1] == '\0') - path = ""; - /* - * Find the dirname and basename from the path to be resolved. - * Change directory to the dirname component. - * lstat the basename part. - * if it is a symlink, read in the value and loop. - * if it is a directory, then change to that directory. - * get the current directory name and append the basename. + * Iterate over path components in `left'. */ - if (strlcpy(resolved, path, MAXPATHLEN) >= MAXPATHLEN) { - serrno = ENAMETOOLONG; - goto err2; - } -loop: - q = strrchr(resolved, '/'); - if (q != NULL) { - p = q + 1; - if (q == resolved) - q = "/"; - else { - do { - --q; - } while (q > resolved && *q == '/'); - q[1] = '\0'; - q = resolved; + while (left_len != 0) { + /* + * Extract the next path component and adjust `left' + * and its length. + */ + p = strchr(left, '/'); + s = p ? p : left + left_len; + if (s - left >= sizeof(next_token)) { + errno = ENAMETOOLONG; + return (NULL); } - if (chdir(q) < 0) - goto err1; - } else - p = resolved; - - /* Deal with the last component. */ - if (*p != '\0' && lstat(p, &sb) == 0) { - if (S_ISLNK(sb.st_mode)) { - if (++symlinks > MAXSYMLINKS) { - errno = ELOOP; - goto err1; + memcpy(next_token, left, s - left); + next_token[s - left] = '\0'; + left_len -= s - left; + if (p != NULL) + memmove(left, s + 1, left_len + 1); + if (resolved[resolved_len - 1] != '/') { + if (resolved_len + 1 >= PATH_MAX) { + errno = ENAMETOOLONG; + return (NULL); } - if ((n = readlink(p, resolved, MAXPATHLEN-1)) < 0) - goto err1; - resolved[n] = '\0'; - goto loop; + resolved[resolved_len++] = '/'; + resolved[resolved_len] = '\0'; } - if (S_ISDIR(sb.st_mode)) { - if (chdir(p) < 0) - goto err1; - p = ""; + if (next_token[0] == '\0') + continue; + else if (strcmp(next_token, ".") == 0) + continue; + else if (strcmp(next_token, "..") == 0) { + /* + * Strip the last path component except when we have + * single "/" + */ + if (resolved_len > 1) { + resolved[resolved_len - 1] = '\0'; + q = strrchr(resolved, '/') + 1; + *q = '\0'; + resolved_len = q - resolved; + } + continue; } - } - - /* - * Save the last component name and get the full pathname of - * the current directory. - */ - if (strlcpy(wbuf, p, sizeof(wbuf)) >= sizeof(wbuf)) { - errno = ENAMETOOLONG; - goto err1; - } - if (getcwd(resolved, MAXPATHLEN) == NULL) - goto err1; - - /* - * Join the two strings together, ensuring that the right thing - * happens if the last component is empty, or the dirname is root. - */ - if (resolved[0] == '/' && resolved[1] == '\0') - needslash = 0; - else - needslash = 1; - if (*wbuf) { - if (strlen(resolved) + strlen(wbuf) + needslash >= MAXPATHLEN) { + /* + * Append the next path component and lstat() it. If + * lstat() fails we still can return successfully if + * there are no more path components left. + */ + resolved_len = strlcat(resolved, next_token, PATH_MAX); + if (resolved_len >= PATH_MAX) { errno = ENAMETOOLONG; - goto err1; + return (NULL); } - if (needslash) { - if (strlcat(resolved, "/", MAXPATHLEN) >= MAXPATHLEN) { - errno = ENAMETOOLONG; - goto err1; + if (lstat(resolved, &sb) != 0) { + if (errno == ENOENT && p == NULL) { + errno = serrno; + return (resolved); } + return (NULL); } - if (strlcat(resolved, wbuf, MAXPATHLEN) >= MAXPATHLEN) { - errno = ENAMETOOLONG; - goto err1; - } - } + if (S_ISLNK(sb.st_mode)) { + if (symlinks++ > MAXSYMLINKS) { + errno = ELOOP; + return (NULL); + } + slen = readlink(resolved, symlink, sizeof(symlink) - 1); + if (slen < 0) + return (NULL); + symlink[slen] = '\0'; + if (symlink[0] == '/') { + resolved[1] = 0; + resolved_len = 1; + } else if (resolved_len > 1) { + /* Strip the last path component. */ + resolved[resolved_len - 1] = '\0'; + q = strrchr(resolved, '/') + 1; + *q = '\0'; + resolved_len = q - resolved; + } - /* Go back to where we came from. */ -#ifdef HAVE_FCHDIR - if (fchdir(fd) < 0) { -#else - if (chdir(start) < 0) { -#endif - serrno = errno; - goto err2; + /* + * If there are any path components left, then + * append them to symlink. The result is placed + * in `left'. + */ + if (p != NULL) { + if (symlink[slen - 1] != '/') { + if (slen + 1 >= sizeof(symlink)) { + errno = ENAMETOOLONG; + return (NULL); + } + symlink[slen] = '/'; + symlink[slen + 1] = 0; + } + left_len = strlcat(symlink, left, sizeof(left)); + if (left_len >= sizeof(left)) { + errno = ENAMETOOLONG; + return (NULL); + } + } + left_len = strlcpy(left, symlink, sizeof(left)); + } } - /* It's okay if the close fails, what's an fd more or less? */ - (void)close(fd); + /* + * Remove trailing slash except when the resolved pathname + * is a single "/". + */ + if (resolved_len > 1 && resolved[resolved_len - 1] == '/') + resolved[resolved_len - 1] = '\0'; return (resolved); - -err1: serrno = errno; -#ifdef HAVE_FCHDIR - (void)fchdir(fd); -#else - chdir(start); -#endif -err2: (void)close(fd); - errno = serrno; - return (NULL); } #endif /* !defined(HAVE_REALPATH) || defined(BROKEN_REALPATH) */ -- cgit v1.2.3 From 93e7e8f345367136b4c3881c6eb3d756a43fe148 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Tue, 23 Aug 2005 08:06:55 +1000 Subject: - (dtucker) [configure.ac defines.h includes.h sftp.c] Add support for LynxOS, patch from Olli Savia (ops at iki.fi). ok djm@ --- ChangeLog | 6 +++++- configure.ac | 8 +++++++- defines.h | 19 ++++++++++++++++++- includes.h | 1 + sftp.c | 2 +- 5 files changed, 32 insertions(+), 4 deletions(-) (limited to 'defines.h') diff --git a/ChangeLog b/ChangeLog index e77dd1f4d..f9db29ad5 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +20050821 + - (dtucker) [configure.ac defines.h includes.h sftp.c] Add support for + LynxOS, patch from Olli Savia (ops at iki.fi). ok djm@ + 20050816 - (djm) [ttymodes.c] bugzilla #1054: Fix encoding of _POSIX_VDISABLE, from Jacob Nevins; ok dtucker@ @@ -2941,4 +2945,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3874 2005/08/16 11:32:09 djm Exp $ +$Id: ChangeLog,v 1.3875 2005/08/22 22:06:55 dtucker Exp $ diff --git a/configure.ac b/configure.ac index 849112829..619a4e76a 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.286 2005/08/16 00:48:41 tim Exp $ +# $Id: configure.ac,v 1.287 2005/08/22 22:06:56 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -555,6 +555,12 @@ mips-sony-bsd|mips-sony-newsos4) AC_DEFINE(NEED_SETPRGP, [], [Need setpgrp to acquire controlling tty]) AC_DEFINE(HAVE_SYS_SYSLOG_H, 1, [Force use of sys/syslog.h on Ultrix]) ;; + +*-*-lynxos) + CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__" + AC_DEFINE(MISSING_HOWMANY) + AC_DEFINE(BROKEN_SETVBUF, 1, [LynxOS has broken setvbuf() implementation]) + ;; esac # Allow user to specify flags diff --git a/defines.h b/defines.h index 39d18e3d3..3103f8743 100644 --- a/defines.h +++ b/defines.h @@ -25,7 +25,7 @@ #ifndef _DEFINES_H #define _DEFINES_H -/* $Id: defines.h,v 1.123 2005/08/10 11:52:36 dtucker Exp $ */ +/* $Id: defines.h,v 1.124 2005/08/22 22:06:56 dtucker Exp $ */ /* Constants */ @@ -579,6 +579,23 @@ struct winsize { # define SSH_SYSFDMAX 10000 #endif +#if defined(__Lynx__) + /* + * LynxOS defines these in param.h which we do not want to include since + * it will also pull in a bunch of kernel definitions. + */ +# define ALIGNBYTES (sizeof(int) - 1) +# define ALIGN(p) (((unsigned)p + ALIGNBYTES) & ~ALIGNBYTES) + /* Missing prototypes on LynxOS */ + int snprintf (char *, size_t, const char *, ...); + int mkstemp (char *); + char *crypt (const char *, const char *); + int seteuid (uid_t); + int setegid (gid_t); + char *mkdtemp (char *); + int rresvport_af (int *, sa_family_t); + int innetgr (const char *, const char *, const char *, const char *); +#endif /* * Define this to use pipes instead of socketpairs for communicating with the diff --git a/includes.h b/includes.h index 89ae26d06..9408fec9a 100644 --- a/includes.h +++ b/includes.h @@ -21,6 +21,7 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "\100(#)" msg } #include "config.h" +#include #include #include #include diff --git a/sftp.c b/sftp.c index 9f6c88fb5..f98ed7d27 100644 --- a/sftp.c +++ b/sftp.c @@ -1295,7 +1295,7 @@ interactive_loop(int fd_in, int fd_out, char *file1, char *file2) xfree(dir); } -#if HAVE_SETVBUF +#if defined(HAVE_SETVBUF) && !defined(BROKEN_SETVBUF) setvbuf(stdout, NULL, _IOLBF, 0); setvbuf(infile, NULL, _IOLBF, 0); #else -- cgit v1.2.3 From 8cc2ad68cd886d5f55a40b46a8e4d60931217a33 Mon Sep 17 00:00:00 2001 From: Tim Rice Date: Tue, 23 Aug 2005 17:18:21 -0700 Subject: - (tim) [defines.h] PATH_MAX bits for OpenServer OK dtucker@ --- ChangeLog | 6 ++++-- defines.h | 8 +++++++- 2 files changed, 11 insertions(+), 3 deletions(-) (limited to 'defines.h') diff --git a/ChangeLog b/ChangeLog index dd64f1374..5c9182c23 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,7 +2,9 @@ - (dtucker) [regress/test-exec.sh] Do not prepend an extra "/" to a fully- qualified sshd pathname since some systems (eg Cygwin) may consider "/foo" and "//foo" to be different. Spotted by vinschen at redhat.com. - - (tim) [configure.ac ] Not all gcc's support -Wsign-compare + - (tim) [configure.ac] Not all gcc's support -Wsign-compare. Enhancements + and OK dtucker@ + - (tim) [defines.h] PATH_MAX bits for OpenServer OK dtucker@ 20050821 - (dtucker) [configure.ac defines.h includes.h sftp.c] Add support for @@ -2951,4 +2953,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3877 2005/08/24 00:11:26 tim Exp $ +$Id: ChangeLog,v 1.3878 2005/08/24 00:18:21 tim Exp $ diff --git a/defines.h b/defines.h index 3103f8743..670fc3fe5 100644 --- a/defines.h +++ b/defines.h @@ -25,7 +25,7 @@ #ifndef _DEFINES_H #define _DEFINES_H -/* $Id: defines.h,v 1.124 2005/08/22 22:06:56 dtucker Exp $ */ +/* $Id: defines.h,v 1.125 2005/08/24 00:18:21 tim Exp $ */ /* Constants */ @@ -62,6 +62,12 @@ enum # endif /* PATH_MAX */ #endif /* MAXPATHLEN */ +#ifndef PATH_MAX +# ifdef _POSIX_PATH_MAX +# define PATH_MAX _POSIX_PATH_MAX +# endif +#endif + #ifndef MAXSYMLINKS # define MAXSYMLINKS 5 #endif -- cgit v1.2.3 From 2291c00ab2aef934391c23227645121719df4c4b Mon Sep 17 00:00:00 2001 From: Tim Rice Date: Fri, 26 Aug 2005 13:15:19 -0700 Subject: - (tim) [CREDITS LICENCE auth.c configure.ac defines.h includes.h session.c openbsd-compat/Makefile.in openbsd-compat/openbsd-compat.h openbsd-compat/xcrypt.c] New files [openssh/openbsd-compat/port-uw.c openssh/openbsd-compat/port-uw.h] Support long passwords (> 8-char) on UnixWare 7 from Dhiraj Gulati and Ahsan Rashid. Cleanup and testing by tim@. Feedback and OK dtucker@ --- CREDITS | 4 +- ChangeLog | 10 +++- LICENCE | 1 + auth.c | 4 ++ configure.ac | 6 ++- defines.h | 6 ++- includes.h | 4 ++ openbsd-compat/Makefile.in | 4 +- openbsd-compat/openbsd-compat.h | 3 +- openbsd-compat/port-uw.c | 115 ++++++++++++++++++++++++++++++++++++++++ openbsd-compat/port-uw.h | 30 +++++++++++ openbsd-compat/xcrypt.c | 4 ++ session.c | 5 ++ 13 files changed, 189 insertions(+), 7 deletions(-) create mode 100644 openbsd-compat/port-uw.c create mode 100644 openbsd-compat/port-uw.h (limited to 'defines.h') diff --git a/CREDITS b/CREDITS index 2a77b8729..82b9f2210 100644 --- a/CREDITS +++ b/CREDITS @@ -3,6 +3,7 @@ Tatu Ylonen - Creator of SSH Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo de Raadt, and Dug Song - Creators of OpenSSH +Ahsan Rashid - UnixWare long passwords Alain St-Denis - Irix fix Alexandre Oliva - AIX fixes Andre Lucas - new login code, many fixes @@ -32,6 +33,7 @@ David Del Piero - bug fixes David Hesprich - Configure fixes David Rankin - libwrap, AIX, NetBSD fixes Dag-Erling Smørgrav - Challenge-Response PAM code. +Dhiraj Gulati - UnixWare long passwords Ed Eden - configure fixes Garrick James - configure fixes Gary E. Miller - SCO support @@ -98,5 +100,5 @@ Apologies to anyone I have missed. Damien Miller -$Id: CREDITS,v 1.79 2004/05/26 23:59:31 dtucker Exp $ +$Id: CREDITS,v 1.80 2005/08/26 20:15:20 tim Exp $ diff --git a/ChangeLog b/ChangeLog index 5c9182c23..d0ef8312e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,11 @@ +20050826 + - (tim) [CREDITS LICENCE auth.c configure.ac defines.h includes.h session.c + openbsd-compat/Makefile.in openbsd-compat/openbsd-compat.h + openbsd-compat/xcrypt.c] New files [openssh/openbsd-compat/port-uw.c + openssh/openbsd-compat/port-uw.h] Support long passwords (> 8-char) + on UnixWare 7 from Dhiraj Gulati and Ahsan Rashid. Cleanup and testing + by tim@. Feedback and OK dtucker@ + 20050823 - (dtucker) [regress/test-exec.sh] Do not prepend an extra "/" to a fully- qualified sshd pathname since some systems (eg Cygwin) may consider "/foo" @@ -2953,4 +2961,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3878 2005/08/24 00:18:21 tim Exp $ +$Id: ChangeLog,v 1.3879 2005/08/26 20:15:19 tim Exp $ diff --git a/LICENCE b/LICENCE index 5def839e5..ac3634f22 100644 --- a/LICENCE +++ b/LICENCE @@ -204,6 +204,7 @@ OpenSSH contains no GPL code. William Jones Darren Tucker Sun Microsystems + The SCO Group * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions diff --git a/auth.c b/auth.c index 82fe8f06b..d62d8ff22 100644 --- a/auth.c +++ b/auth.c @@ -97,7 +97,11 @@ allowed_user(struct passwd * pw) /* grab passwd field for locked account check */ #ifdef USE_SHADOW if (spw != NULL) +#ifdef HAVE_LIBIAF + passwd = get_iaf_password(pw); +#else passwd = spw->sp_pwdp; +#endif /* HAVE_LIBIAF */ #else passwd = pw->pw_passwd; #endif diff --git a/configure.ac b/configure.ac index f1588c693..c9c8218d3 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.288 2005/08/24 00:11:26 tim Exp $ +# $Id: configure.ac,v 1.289 2005/08/26 20:15:20 tim Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -446,6 +446,8 @@ mips-sony-bsd|mips-sony-newsos4) ;; # UnixWare 7.x, OpenUNIX 8 *-*-sysv5*) + check_for_libcrypt_later=1 + AC_DEFINE(UNIXWARE_LONG_PASSWORDS, 1, [Support passwords > 8 chars]) AC_DEFINE(USE_PIPES) AC_DEFINE(SETEUID_BREAKS_SETUID) AC_DEFINE(BROKEN_SETREUID) @@ -643,6 +645,7 @@ AC_CHECK_HEADERS( \ getopt.h \ glob.h \ ia.h \ + iaf.h \ lastlog.h \ limits.h \ login.h \ @@ -1721,6 +1724,7 @@ if test "x$check_for_libcrypt_later" = "x1"; then AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt") fi +AC_CHECK_LIB(iaf, ia_openinfo) ### Configure cryptographic random number support diff --git a/defines.h b/defines.h index 670fc3fe5..8d3617d06 100644 --- a/defines.h +++ b/defines.h @@ -25,7 +25,7 @@ #ifndef _DEFINES_H #define _DEFINES_H -/* $Id: defines.h,v 1.125 2005/08/24 00:18:21 tim Exp $ */ +/* $Id: defines.h,v 1.126 2005/08/26 20:15:20 tim Exp $ */ /* Constants */ @@ -688,6 +688,10 @@ struct winsize { # define CUSTOM_SYS_AUTH_PASSWD 1 #endif +#ifdef UNIXWARE_LONG_PASSWORDS +# define CUSTOM_SYS_AUTH_PASSWD 1 +#endif + /* HP-UX 11.11 */ #ifdef BTMP_FILE # define _PATH_BTMP BTMP_FILE diff --git a/includes.h b/includes.h index 9408fec9a..fa65aa38d 100644 --- a/includes.h +++ b/includes.h @@ -169,6 +169,10 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "\100(#)" msg } # include #endif +#ifdef HAVE_IAF_H +# include +#endif + #ifdef HAVE_TMPDIR_H # include #endif diff --git a/openbsd-compat/Makefile.in b/openbsd-compat/Makefile.in index c6e08867c..6f5ee2845 100644 --- a/openbsd-compat/Makefile.in +++ b/openbsd-compat/Makefile.in @@ -1,4 +1,4 @@ -# $Id: Makefile.in,v 1.34 2005/06/09 11:45:11 dtucker Exp $ +# $Id: Makefile.in,v 1.35 2005/08/26 20:15:20 tim Exp $ sysconfdir=@sysconfdir@ piddir=@piddir@ @@ -20,7 +20,7 @@ OPENBSD=base64.o basename.o bindresvport.o daemon.o dirname.o getcwd.o getgroupl COMPAT=bsd-arc4random.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-snprintf.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o -PORTS=port-irix.o port-aix.o +PORTS=port-irix.o port-aix.o port-uw.o .c.o: $(CC) $(CFLAGS) $(CPPFLAGS) -c $< diff --git a/openbsd-compat/openbsd-compat.h b/openbsd-compat/openbsd-compat.h index e66f5ec55..ba68bc27e 100644 --- a/openbsd-compat/openbsd-compat.h +++ b/openbsd-compat/openbsd-compat.h @@ -1,4 +1,4 @@ -/* $Id: openbsd-compat.h,v 1.29 2005/06/17 11:15:21 dtucker Exp $ */ +/* $Id: openbsd-compat.h,v 1.30 2005/08/26 20:15:20 tim Exp $ */ /* * Copyright (c) 1999-2003 Damien Miller. All rights reserved. @@ -173,5 +173,6 @@ char *shadow_pw(struct passwd *pw); #include "bsd-cygwin_util.h" #include "port-irix.h" #include "port-aix.h" +#include "port-uw.h" #endif /* _OPENBSD_COMPAT_H */ diff --git a/openbsd-compat/port-uw.c b/openbsd-compat/port-uw.c new file mode 100644 index 000000000..cbc3f686b --- /dev/null +++ b/openbsd-compat/port-uw.c @@ -0,0 +1,115 @@ +/* + * Copyright (c) 2005 The SCO Group. All rights reserved. + * Copyright (c) 2005 Tim Rice. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include "includes.h" + +#ifdef UNIXWARE_LONG_PASSWORDS +#ifdef HAVE_CRYPT_H +#include +#endif +#include "packet.h" +#include "buffer.h" +#include "log.h" +#include "servconf.h" +#include "auth.h" +#include "auth-options.h" + +int nischeck(char *); + +int +sys_auth_passwd(Authctxt *authctxt, const char *password) +{ + struct passwd *pw = authctxt->pw; + char *encrypted_password; + char *salt; + + /* Just use the supplied fake password if authctxt is invalid */ + char *pw_password = authctxt->valid ? shadow_pw(pw) : pw->pw_passwd; + + /* Check for users with no password. */ + if (strcmp(pw_password, "") == 0 && strcmp(password, "") == 0) + return (1); + + salt = (pw_password[0] && pw_password[1]) ? pw_password : "xx"; + if (nischeck(pw->pw_name)) + return(strcmp(crypt(password, salt), pw_password) == 0); + else + return(strcmp(bigcrypt(password, salt), pw_password) == 0); +} + +int +nischeck(char *namep) +{ + char password_file[] = "/etc/passwd"; + FILE *fd; + struct passwd *ent = NULL; + + if ((fd = fopen (password_file, "r")) == NULL) { + /* + * If the passwd file has dissapeared we are in a bad state. + * However, returning 0 will send us back through the + * authentication scheme that has checked the ia database for + * passwords earlier. + */ + return(0); + } + + /* + * fgetpwent() only reads from password file, so we know for certain + * that the user is local. + */ + while (ent = fgetpwent(fd)) { + if (strcmp (ent->pw_name, namep) == 0) { + /* Local user */ + fclose (fd); + return(0); + } + } + + fclose (fd); + return (1); +} + +#endif /* UNIXWARE_LONG_PASSWORDS */ + +#ifdef HAVE_LIBIAF +char * +get_iaf_password(struct passwd *pw) +{ + char *pw_password = NULL; + + uinfo_t uinfo; + if (!ia_openinfo(pw->pw_name,&uinfo)) { + ia_get_logpwd(uinfo, &pw_password); + if (pw_password == NULL) + fatal("Unable to get the shadow passwd"); + ia_closeinfo(uinfo); + return pw_password; + } + else + fatal("Unable to open the shadow passwd file"); +} +#endif /* HAVE_LIBIAF */ + diff --git a/openbsd-compat/port-uw.h b/openbsd-compat/port-uw.h new file mode 100644 index 000000000..f16bb5e5c --- /dev/null +++ b/openbsd-compat/port-uw.h @@ -0,0 +1,30 @@ +/* + * Copyright (c) 2005 Tim Rice. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include "includes.h" + +#ifdef HAVE_LIBIAF +char * get_iaf_password(struct passwd *pw); +#endif /* HAVE_LIBIAF */ + diff --git a/openbsd-compat/xcrypt.c b/openbsd-compat/xcrypt.c index c3cea3c86..453203270 100644 --- a/openbsd-compat/xcrypt.c +++ b/openbsd-compat/xcrypt.c @@ -91,7 +91,11 @@ shadow_pw(struct passwd *pw) struct spwd *spw = getspnam(pw->pw_name); if (spw != NULL) +#ifdef HAVE_LIBIAF + pw_password = get_iaf_password(pw); +#else pw_password = spw->sp_pwdp; +#endif /* HAVE_LIBIAF */ # endif # if defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW) struct passwd_adjunct *spw; diff --git a/session.c b/session.c index 95084aec6..98bd3121c 100644 --- a/session.c +++ b/session.c @@ -1334,6 +1334,11 @@ do_setusercontext(struct passwd *pw) # ifdef _AIX aix_usrinfo(pw); # endif /* _AIX */ +# ifdef HAVE_LIBIAF + if (set_id(pw->pw_name) != 0) { + exit(1); + } +# endif /* Permanently switch to the desired uid. */ permanently_set_uid(pw); #endif -- cgit v1.2.3 From 66fd217e8e57f0c86179d77dc14e42efd3098320 Mon Sep 17 00:00:00 2001 From: Tim Rice Date: Wed, 31 Aug 2005 09:59:49 -0700 Subject: - (tim) [configure.ac auth.c defines.h session.c openbsd-compat/port-uw.c openbsd-compat/port-uw.h openbsd-compat/xcrypt.c] libiaf cleanup. Disable libiaf bits for OpenServer6. Free memory allocated by ia_get_logpwd(). Feedback and OK dtucker@ --- ChangeLog | 8 ++++++-- auth.c | 7 +++++-- configure.ac | 3 ++- defines.h | 4 ++-- openbsd-compat/port-uw.c | 35 +++++++++++++++++++++++++++-------- openbsd-compat/port-uw.h | 4 ++-- openbsd-compat/xcrypt.c | 9 +++++---- session.c | 4 ++-- 8 files changed, 51 insertions(+), 23 deletions(-) (limited to 'defines.h') diff --git a/ChangeLog b/ChangeLog index 139934ca1..8f3ffeda0 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,4 +1,4 @@ -20050830 +20050831 - (djm) OpenBSD CVS Sync - djm@cvs.openbsd.org 2005/08/30 22:08:05 [gss-serv.c sshconnect2.c] @@ -11,6 +11,10 @@ [version.h] 4.2 - (dtucker) [README] Update release note URL to 4.2 + - (tim) [configure.ac auth.c defines.h session.c openbsd-compat/port-uw.c + openbsd-compat/port-uw.h openbsd-compat/xcrypt.c] libiaf cleanup. Disable + libiaf bits for OpenServer6. Free memory allocated by ia_get_logpwd(). + Feedback and OK dtucker@ 20050830 - (tim) [configure.ac] Back out last change. It needs to be done differently. @@ -2982,4 +2986,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3885 2005/08/31 14:05:56 dtucker Exp $ +$Id: ChangeLog,v 1.3886 2005/08/31 16:59:49 tim Exp $ diff --git a/auth.c b/auth.c index d62d8ff22..2dc5c2be6 100644 --- a/auth.c +++ b/auth.c @@ -97,11 +97,11 @@ allowed_user(struct passwd * pw) /* grab passwd field for locked account check */ #ifdef USE_SHADOW if (spw != NULL) -#ifdef HAVE_LIBIAF +#if defined(HAVE_LIBIAF) && !defined(BROKEN_LIBIAF) passwd = get_iaf_password(pw); #else passwd = spw->sp_pwdp; -#endif /* HAVE_LIBIAF */ +#endif /* HAVE_LIBIAF && !BROKEN_LIBIAF */ #else passwd = pw->pw_passwd; #endif @@ -123,6 +123,9 @@ allowed_user(struct passwd * pw) if (strstr(passwd, LOCKED_PASSWD_SUBSTR)) locked = 1; #endif +#if defined(HAVE_LIBIAF) && !defined(BROKEN_LIBIAF) + free(passwd); +#endif /* HAVE_LIBIAF && !BROKEN_LIBIAF */ if (locked) { logit("User %.100s not allowed because account is locked", pw->pw_name); diff --git a/configure.ac b/configure.ac index 2834c5802..1e4df2e33 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.291 2005/08/30 14:12:02 tim Exp $ +# $Id: configure.ac,v 1.292 2005/08/31 16:59:49 tim Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -456,6 +456,7 @@ mips-sony-bsd|mips-sony-newsos4) case "$host" in *-*-sysv5SCO_SV*) # SCO OpenServer 6.x TEST_SHELL=/u95/bin/sh + AC_DEFINE(BROKEN_LIBIAF, 1, [ia_uinfo routines not supported by OS yet]) ;; esac ;; diff --git a/defines.h b/defines.h index 8d3617d06..408b988b5 100644 --- a/defines.h +++ b/defines.h @@ -25,7 +25,7 @@ #ifndef _DEFINES_H #define _DEFINES_H -/* $Id: defines.h,v 1.126 2005/08/26 20:15:20 tim Exp $ */ +/* $Id: defines.h,v 1.127 2005/08/31 16:59:49 tim Exp $ */ /* Constants */ @@ -688,7 +688,7 @@ struct winsize { # define CUSTOM_SYS_AUTH_PASSWD 1 #endif -#ifdef UNIXWARE_LONG_PASSWORDS +#if defined(HAVE_LIBIAF) && !defined(BROKEN_LIBIAF) # define CUSTOM_SYS_AUTH_PASSWD 1 #endif diff --git a/openbsd-compat/port-uw.c b/openbsd-compat/port-uw.c index cbc3f686b..d881ff028 100644 --- a/openbsd-compat/port-uw.c +++ b/openbsd-compat/port-uw.c @@ -25,7 +25,7 @@ #include "includes.h" -#ifdef UNIXWARE_LONG_PASSWORDS +#if defined(HAVE_LIBIAF) && !defined(BROKEN_LIBIAF) #ifdef HAVE_CRYPT_H #include #endif @@ -44,6 +44,7 @@ sys_auth_passwd(Authctxt *authctxt, const char *password) struct passwd *pw = authctxt->pw; char *encrypted_password; char *salt; + int result; /* Just use the supplied fake password if authctxt is invalid */ char *pw_password = authctxt->valid ? shadow_pw(pw) : pw->pw_passwd; @@ -52,13 +53,27 @@ sys_auth_passwd(Authctxt *authctxt, const char *password) if (strcmp(pw_password, "") == 0 && strcmp(password, "") == 0) return (1); + /* Encrypt the candidate password using the proper salt. */ salt = (pw_password[0] && pw_password[1]) ? pw_password : "xx"; - if (nischeck(pw->pw_name)) - return(strcmp(crypt(password, salt), pw_password) == 0); +#ifdef UNIXWARE_LONG_PASSWORDS + if (!nischeck(pw->pw_name)) + encrypted_password = bigcrypt(password, salt); else - return(strcmp(bigcrypt(password, salt), pw_password) == 0); +#endif /* UNIXWARE_LONG_PASSWORDS */ + encrypted_password = xcrypt(password, salt); + + /* + * Authentication is accepted if the encrypted passwords + * are identical. + */ + result = (strcmp(encrypted_password, pw_password) == 0); + + if (authctxt->valid) + free(pw_password); + return(result); } +#ifdef UNIXWARE_LONG_PASSWORDS int nischeck(char *namep) { @@ -94,7 +109,11 @@ nischeck(char *namep) #endif /* UNIXWARE_LONG_PASSWORDS */ -#ifdef HAVE_LIBIAF +/* + NOTE: ia_get_logpwd() allocates memory for arg 2 + functions that call shadow_pw() will need to free + */ + char * get_iaf_password(struct passwd *pw) { @@ -104,12 +123,12 @@ get_iaf_password(struct passwd *pw) if (!ia_openinfo(pw->pw_name,&uinfo)) { ia_get_logpwd(uinfo, &pw_password); if (pw_password == NULL) - fatal("Unable to get the shadow passwd"); + fatal("ia_get_logpwd: Unable to get the shadow passwd"); ia_closeinfo(uinfo); return pw_password; } else - fatal("Unable to open the shadow passwd file"); + fatal("ia_openinfo: Unable to open the shadow passwd file"); } -#endif /* HAVE_LIBIAF */ +#endif /* HAVE_LIBIAF && !BROKEN_LIBIAF */ diff --git a/openbsd-compat/port-uw.h b/openbsd-compat/port-uw.h index f16bb5e5c..3589b2e44 100644 --- a/openbsd-compat/port-uw.h +++ b/openbsd-compat/port-uw.h @@ -24,7 +24,7 @@ #include "includes.h" -#ifdef HAVE_LIBIAF +#if defined(HAVE_LIBIAF) && !defined(BROKEN_LIBIAF) char * get_iaf_password(struct passwd *pw); -#endif /* HAVE_LIBIAF */ +#endif diff --git a/openbsd-compat/xcrypt.c b/openbsd-compat/xcrypt.c index 453203270..9afa0b9f2 100644 --- a/openbsd-compat/xcrypt.c +++ b/openbsd-compat/xcrypt.c @@ -91,12 +91,13 @@ shadow_pw(struct passwd *pw) struct spwd *spw = getspnam(pw->pw_name); if (spw != NULL) -#ifdef HAVE_LIBIAF - pw_password = get_iaf_password(pw); -#else pw_password = spw->sp_pwdp; -#endif /* HAVE_LIBIAF */ # endif + +#if defined(HAVE_LIBIAF) && !defined(BROKEN_LIBIAF) + return(get_iaf_password(pw)); +#endif + # if defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW) struct passwd_adjunct *spw; if (issecure() && (spw = getpwanam(pw->pw_name)) != NULL) diff --git a/session.c b/session.c index 98bd3121c..db8722f47 100644 --- a/session.c +++ b/session.c @@ -1334,11 +1334,11 @@ do_setusercontext(struct passwd *pw) # ifdef _AIX aix_usrinfo(pw); # endif /* _AIX */ -# ifdef HAVE_LIBIAF +#if defined(HAVE_LIBIAF) && !defined(BROKEN_LIBIAF) if (set_id(pw->pw_name) != 0) { exit(1); } -# endif +#endif /* HAVE_LIBIAF && !BROKEN_LIBIAF */ /* Permanently switch to the desired uid. */ permanently_set_uid(pw); #endif -- cgit v1.2.3