From 84ce9b455d04e7f145d43ef8dac2ddc59e41802d Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Thu, 26 May 2005 20:12:15 +1000 Subject: - (dtucker) [configure.ac openbsd-compat/getrrsetbyname.c] Bug #1033: Provide templates for _getshort and _getlong if missing to prevent compiler warnings on Linux. --- openbsd-compat/getrrsetbyname.c | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'openbsd-compat') diff --git a/openbsd-compat/getrrsetbyname.c b/openbsd-compat/getrrsetbyname.c index 4e869c4df..2016ffe31 100644 --- a/openbsd-compat/getrrsetbyname.c +++ b/openbsd-compat/getrrsetbyname.c @@ -144,6 +144,8 @@ _getshort(msgp) GETSHORT(u, msgp); return (u); } +#elif defined(HAVE_DECL__GETSHORT) && (HAVE_DECL__GETSHORT == 0) +u_int16_t _getshort(register const u_char *); #endif #ifndef HAVE__GETLONG @@ -156,6 +158,8 @@ _getlong(msgp) GETLONG(u, msgp); return (u); } +#elif defined(HAVE_DECL__GETLONG) && (HAVE_DECL__GETLONG == 0) +u_int32_t _getlong(register const u_char *); #endif int -- cgit v1.2.3 From de3cb0a3dc1bd98762afa3d71f3ffcdb76029fad Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Thu, 26 May 2005 20:48:25 +1000 Subject: - (djm) [configure.ac openbsd-compat/Makefile.in] [openbsd-compat/openbsd-compat.h openbsd-compat/strtonum.c] Add strtonum(3) from OpenBSD libc, new code needs it. Unfortunately Linux forces us to do a bizarre dance with compiler options to get LLONG_MIN/MAX; Spotted by and ok dtucker@ --- ChangeLog | 7 ++++- configure.ac | 13 ++++++-- openbsd-compat/Makefile.in | 4 +-- openbsd-compat/openbsd-compat.h | 6 +++- openbsd-compat/strtonum.c | 69 +++++++++++++++++++++++++++++++++++++++++ 5 files changed, 93 insertions(+), 6 deletions(-) create mode 100644 openbsd-compat/strtonum.c (limited to 'openbsd-compat') diff --git a/ChangeLog b/ChangeLog index 148199a55..935132567 100644 --- a/ChangeLog +++ b/ChangeLog 
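Review bot: The two `#elif` branches in openbsd-compat/getrrsetbyname.c hand-write `u_int16_t _getshort(register const u_char *);` and `u_int32_t _getlong(register const u_char *);` for functions that, in that branch, the system library defines rather than this file. If the platform's implementation returns a different width, the prototype and the definition disagree silently. Add a comment naming the libc these were checked against, for example `/* libc exports _getshort but no header declares it; return type verified on <platform> */`. The `register` qualifier has no effect in a prototype and can be dropped. The K&R definitions these branches pair with begin outside the hunks.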
@@ -104,6 +104,11 @@ - (dtucker) [configure.ac openbsd-compat/getrrsetbyname.c] Bug #1033: Provide templates for _getshort and _getlong if missing to prevent compiler warnings on Linux. + - (djm) [configure.ac openbsd-compat/Makefile.in] + [openbsd-compat/openbsd-compat.h openbsd-compat/strtonum.c] + Add strtonum(3) from OpenBSD libc, new code needs it. + Unfortunately Linux forces us to do a bizarre dance with compiler + options to get LLONG_MIN/MAX; Spotted by and ok dtucker@ 20050524 - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec] @@ -2603,4 +2608,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3789 2005/05/26 10:12:15 dtucker Exp $ +$Id: ChangeLog,v 1.3790 2005/05/26 10:48:25 djm Exp $ diff --git a/configure.ac b/configure.ac index fd8218aea..58a3ff47d 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.261 2005/05/26 10:12:15 dtucker Exp $ +# $Id: configure.ac,v 1.262 2005/05/26 10:48:25 djm Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -79,6 +79,15 @@ AC_SUBST(LD) AC_C_INLINE if test "$GCC" = "yes" || test "$GCC" = "egcs"; then CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wno-uninitialized" + + # Check for -std=gnu99 support (needed for LLONG_MIN/MAX on Linux) + saved_CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS -std=gnu99" + AC_MSG_CHECKING(whether cc accepts -std=gnu99 option) + AC_TRY_COMPILE([], [return(0);], [AC_MSG_RESULT(yes)], + [AC_MSG_RESULT(no) + CFLAGS="$saved_CFLAGS"], + ) fi AC_ARG_WITH(rpath, @@ -922,7 +931,7 @@ AC_CHECK_FUNCS(\ setdtablesize setegid setenv seteuid setgroups setlogin setpcred \ setproctitle setregid setreuid setrlimit \ setsid setvbuf sigaction sigvec snprintf socketpair strerror \ - strlcat strlcpy strmode strnvis strtoul sysconf tcgetpgrp \ + strlcat strlcpy strmode strnvis strtonum strtoul sysconf tcgetpgrp \ truncate unsetenv updwtmpx utimes vhangup vsnprintf waitpid \ ) 
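Review bot: The `-std=gnu99` probe added to the GCC block of configure.ac leaves the flag in the global `CFLAGS` whenever the compiler accepts it, so every file in the tree is built in a different language mode just to expose LLONG_MIN/LLONG_MAX to one compat file. That can change behaviour elsewhere (presumably `inline` handling on some GCC releases). Either add a comment justifying the global scope or probe for the two macros directly. The `AC_TRY_COMPILE` call also ends in `, )`, which passes an empty fifth argument the macro does not take; close the parenthesis straight after the action-if-false block.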
diff --git a/openbsd-compat/Makefile.in b/openbsd-compat/Makefile.in index 0f34f2240..8368aa2ce 100644 --- a/openbsd-compat/Makefile.in +++ b/openbsd-compat/Makefile.in @@ -1,4 +1,4 @@ -# $Id: Makefile.in,v 1.31 2004/08/15 08:41:00 djm Exp $ +# $Id: Makefile.in,v 1.32 2005/05/26 10:48:25 djm Exp $ sysconfdir=@sysconfdir@ piddir=@piddir@ @@ -16,7 +16,7 @@ RANLIB=@RANLIB@ INSTALL=@INSTALL@ LDFLAGS=-L. @LDFLAGS@ -OPENBSD=base64.o basename.o bindresvport.o daemon.o dirname.o getcwd.o getgrouplist.o getopt.o getrrsetbyname.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o readpassphrase.o realpath.o rresvport.o setenv.o setproctitle.o sigact.o strlcat.o strlcpy.o strmode.o strsep.o strtoul.o vis.o +OPENBSD=base64.o basename.o bindresvport.o daemon.o dirname.o getcwd.o getgrouplist.o getopt.o getrrsetbyname.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o readpassphrase.o realpath.o rresvport.o setenv.o setproctitle.o sigact.o strlcat.o strlcpy.o strmode.o strsep.o strtonum.o strtoul.o vis.o COMPAT=bsd-arc4random.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-snprintf.o bsd-waitpid.o fake-rfc2553.o xmmap.o xcrypt.o diff --git a/openbsd-compat/openbsd-compat.h b/openbsd-compat/openbsd-compat.h index 89d1454e0..a4cfa6c4d 100644 --- a/openbsd-compat/openbsd-compat.h +++ b/openbsd-compat/openbsd-compat.h @@ -1,4 +1,4 @@ -/* $Id: openbsd-compat.h,v 1.26 2004/08/15 08:41:00 djm Exp $ */ +/* $Id: openbsd-compat.h,v 1.27 2005/05/26 10:48:25 djm Exp $ */ /* * Copyright (c) 1999-2003 Damien Miller. All rights reserved. @@ -152,6 +152,10 @@ int openpty(int *, int *, char *, struct termios *, struct winsize *); int snprintf(char *, size_t, const char *, ...); #endif +#ifndef HAVE_STRTONUM +long long strtonum(const char *, long long, long long, const char **); +#endif + #ifndef HAVE_VSNPRINTF int vsnprintf(char *, size_t, const char *, va_list); #endif 
diff --git a/openbsd-compat/strtonum.c b/openbsd-compat/strtonum.c
new file mode 100644
index 000000000..b681ed83b
--- /dev/null
+++ b/openbsd-compat/strtonum.c
@@ -0,0 +1,69 @@
+/* OPENBSD ORIGINAL: lib/libc/stdlib/strtonum.c */
+
+/* $OpenBSD: strtonum.c,v 1.6 2004/08/03 19:38:01 millert Exp $ */
+
+/*
+ * Copyright (c) 2004 Ted Unangst and Todd Miller
+ * All rights reserved.
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include "includes.h"
+#ifndef HAVE_STRTONUM
+#include
+
+#define INVALID 1
+#define TOOSMALL 2
+#define TOOLARGE 3
+
+long long
+strtonum(const char *numstr, long long minval, long long maxval,
+ const char **errstrp)
+{
+ long long ll = 0;
+ char *ep;
+ int error = 0;
+ struct errval {
+ const char *errstr;
+ int err;
+ } ev[4] = {
+ { NULL, 0 },
+ { "invalid", EINVAL },
+ { "too small", ERANGE },
+ { "too large", ERANGE },
+ };
+
+ ev[0].err = errno;
+ errno = 0;
+ if (minval > maxval)
+ error = INVALID;
+ else {
+ ll = strtoll(numstr, &ep, 10);
+ if (numstr == ep || *ep != '\0')
+ error = INVALID;
+ else if ((ll == LLONG_MIN && errno == ERANGE) || ll < minval)
+ error = TOOSMALL;
+ else if ((ll == LLONG_MAX && errno == ERANGE) || ll > maxval)
+ error = TOOLARGE;
+ }
+ if (errstrp != NULL)
+ *errstrp = ev[error].errstr;
+ errno = ev[error].err;
+ if (error)
+ ll = 0;
+
+ return (ll);
+}
+
+#endif /* HAVE_STRTONUM */
-- cgit v1.2.3
From 2be1cbb7be25d32bc5741c96cc4d6951bd91fc30 Mon Sep 17 00:00:00 2001
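Review bot: The new openbsd-compat/strtonum.c calls `strtoll()` and compares against `LLONG_MIN`/`LLONG_MAX`, but this commit only adds a configure check for `strtonum` itself. A platform that lacks strtonum and also lacks strtoll or the LLONG limits would fail to build, or would pick up an implicit declaration of strtoll. If the `-std=gnu99` probe is rejected, nothing else in the visible hunks supplies the limits. A header comment on `strtonum` is also worth adding: `/* Returns 0 on error as well as for a parsed zero; callers must test *errstrp, not the return value. */`, since this function will be used to range-check numeric input.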
From: Darren Tucker Date: Fri, 27 May 2005 21:13:40 +1000 Subject: - (dtucker) [acconfig.h configure.ac defines.h includes.h sshpty.c openbsd-compat/bsd-misc.c] Add support for Ultrix. No, that's not a typo. Required changes from Bernhard Simon, integrated by me. ok djm@ --- ChangeLog | 5 ++++- acconfig.h | 5 +---- configure.ac | 14 ++++++++++---- defines.h | 10 +++++++++- includes.h | 4 ++++ openbsd-compat/bsd-misc.c | 20 +++++++++++++++++++- sshpty.c | 4 ++-- 7 files changed, 49 insertions(+), 13 deletions(-) (limited to 'openbsd-compat') diff --git a/ChangeLog b/ChangeLog index c1f32524b..7705b9025 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,9 @@ 20050527 - (djm) [defines.h] Use our realpath if we have to define PATH_MAX, spotted by David Leach; ok dtucker@ + - (dtucker) [acconfig.h configure.ac defines.h includes.h sshpty.c + openbsd-compat/bsd-misc.c] Add support for Ultrix. No, that's not a typo. + Required changes from Bernhard Simon, integrated by me. ok djm@ 20050525 - (djm) [mpaux.c mpaux.h Makefile.in] Remove old mpaux.[ch] code, it has not @@ -2612,4 +2615,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3791 2005/05/27 09:36:56 djm Exp $ +$Id: ChangeLog,v 1.3792 2005/05/27 11:13:40 dtucker Exp $ diff --git a/acconfig.h b/acconfig.h index 5721f65fb..bb2e62d23 100644 --- a/acconfig.h +++ b/acconfig.h @@ -1,4 +1,4 @@ -/* $Id: acconfig.h,v 1.181 2005/02/25 23:07:38 dtucker Exp $ */ +/* $Id: acconfig.h,v 1.182 2005/05/27 11:13:41 dtucker Exp $ */ /* * Copyright (c) 1999-2003 Damien Miller. All rights reserved. @@ -119,9 +119,6 @@ /* Define if you are on NeXT */ #undef HAVE_NEXT -/* Define if you are on NEWS-OS */ -#undef HAVE_NEWS4 - /* Define if you want to enable PAM support */ #undef USE_PAM diff --git a/configure.ac b/configure.ac index 58a3ff47d..a936d2bfd 100644 --- a/configure.ac +++ b/configure.ac 
@@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.262 2005/05/26 10:48:25 djm Exp $ +# $Id: configure.ac,v 1.263 2005/05/27 11:13:41 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -278,7 +278,7 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) esac ;; mips-sony-bsd|mips-sony-newsos4) - AC_DEFINE(HAVE_NEWS4) + AC_DEFINE(NEED_SETPRGP, [], [Need setpgrp to acquire controlling tty]) SONY=1 ;; *-*-netbsd*) @@ -477,6 +477,12 @@ mips-sony-bsd|mips-sony-newsos4) AC_DEFINE(MISSING_HOWMANY) AC_DEFINE(MISSING_FD_MASK) ;; + +*-*-ultrix*) + AC_DEFINE(BROKEN_GETGROUPS, [], [getgroups(0,NULL) will return -1]) + AC_DEFINE(BROKEN_MMAP, [], [Ultrix mmap can't map files]) + AC_DEFINE(NEED_SETPRGP, [], [Need setpgrp to acquire controlling tty]) + AC_CHECK_HEADERS(sys/syslog.h) esac # Allow user to specify flags @@ -929,8 +935,8 @@ AC_CHECK_FUNCS(\ mkdtemp mmap ngetaddrinfo nsleep ogetaddrinfo openlog_r openpty \ pstat prctl readpassphrase realpath recvmsg rresvport_af sendmsg \ setdtablesize setegid setenv seteuid setgroups setlogin setpcred \ - setproctitle setregid setreuid setrlimit \ - setsid setvbuf sigaction sigvec snprintf socketpair strerror \ + setproctitle setregid setreuid setrlimit setsid setvbuf \ + sigaction sigvec snprintf socketpair strdup strerror \ strlcat strlcpy strmode strnvis strtonum strtoul sysconf tcgetpgrp \ truncate unsetenv updwtmpx utimes vhangup vsnprintf waitpid \ ) diff --git a/defines.h b/defines.h index d75d458f4..3a11e6d65 100644 --- a/defines.h +++ b/defines.h @@ -25,7 +25,7 @@ #ifndef _DEFINES_H #define _DEFINES_H -/* $Id: defines.h,v 1.120 2005/05/27 09:36:56 djm Exp $ */ +/* $Id: defines.h,v 1.121 2005/05/27 11:13:41 dtucker Exp $ */ /* Constants */ 
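Review bot: The macro name is misspelled in both `AC_DEFINE(NEED_SETPRGP, ...)` calls in configure.ac (the `mips-sony-bsd|mips-sony-newsos4` case and the new `*-*-ultrix*` case). The sshpty.c hunk of this same commit tests `#ifdef NEED_SETPGRP`, so the `setpgrp(0,0)` call in pty_make_controlling_tty() is compiled out on both platforms. For NEWS-OS that is a regression from the removed `HAVE_NEWS4` guard, and the session would presumably fail to acquire its controlling tty. Both lines should read `AC_DEFINE(NEED_SETPGRP, [], [Need setpgrp to acquire controlling tty])`.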
@@ -668,4 +668,12 @@ struct winsize { /** end of login recorder definitions */ +#ifdef BROKEN_GETGROUPS +# define getgroups(a,b) ((a)==0 && (b)==NULL ? NGROUPS_MAX : getgroups((a),(b))) +#endif + +#if defined(HAVE_MMAP) && defined(BROKEN_MMAP) +# undef HAVE_MMAP +#endif + #endif /* _DEFINES_H */ diff --git a/includes.h b/includes.h index 1625f8e30..89ae26d06 100644 --- a/includes.h +++ b/includes.h @@ -181,6 +181,10 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "\100(#)" msg } # include #endif +#if defined(HAVE_SYS_SYSLOG_H) +# include +#endif + /* * On HP-UX 11.11, shadow.h and prot.h provide conflicting declarations * of getspnam when _INCLUDE__STDC__ is defined, so we unset it here. diff --git a/openbsd-compat/bsd-misc.c b/openbsd-compat/bsd-misc.c index 41f92cce9..6ba9bd986 100644 --- a/openbsd-compat/bsd-misc.c +++ b/openbsd-compat/bsd-misc.c @@ -18,7 +18,7 @@ #include "includes.h" #include "xmalloc.h" -RCSID("$Id: bsd-misc.c,v 1.26 2005/02/25 23:07:38 dtucker Exp $"); +RCSID("$Id: bsd-misc.c,v 1.27 2005/05/27 11:13:41 dtucker Exp $"); #ifndef HAVE___PROGNAME char *__progname; @@ -212,3 +212,21 @@ mysignal(int sig, mysig_t act) return (signal(sig, act)); #endif } + +#ifndef HAVE_STRDUP +char * +strdup(const char *str) +{ + size_t len; + char *cp; + + len = strlen(str) + 1; + cp = malloc(len); + if (cp != NULL) + if (strlcpy(cp, str, len) != len) { + free(cp); + return NULL; + } + return cp; +} +#endif diff --git a/sshpty.c b/sshpty.c index efd1dfefa..36788c4d7 100644 --- a/sshpty.c +++ b/sshpty.c @@ -128,10 +128,10 @@ pty_make_controlling_tty(int *ttyfd, const char *tty) if (ioctl(*ttyfd, TIOCSCTTY, NULL) < 0) error("ioctl(TIOCSCTTY): %.100s", strerror(errno)); #endif /* TIOCSCTTY */ -#ifdef HAVE_NEWS4 +#ifdef NEED_SETPGRP if (setpgrp(0,0) < 0) error("SETPGRP %s",strerror(errno)); -#endif /* HAVE_NEWS4 */ +#endif /* NEED_SETPGRP */ #ifdef USE_VHANGUP old = signal(SIGHUP, SIG_IGN); vhangup(); -- cgit v1.2.3 
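Review bot: The `strdup()` replacement added to openbsd-compat/bsd-misc.c can never succeed. `strlcpy()` returns the length of the source string, which here is `len - 1`, so `if (strlcpy(cp, str, len) != len)` is always true and every call frees the buffer and returns NULL. A caller that does not check the result then dereferences NULL on any platform that takes this fallback. The test should be `if (strlcpy(cp, str, len) >= len)`, or the copy can simply be `memcpy(cp, str, len);` since the size is already known. The nested `if` without braces around the outer body also makes the control flow easy to misread.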
From 5d72a40d67d606a22f75999dc8bf1b846815ec2a Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sat, 28 May 2005 20:28:39 +1000 Subject: - (dtucker) [openbsd-compat/port-aix.h] Use the HAVE_DECL_* definitions as per the autoconf man page. Configure should always define them but it doesn't hurt to check. --- ChangeLog | 5 ++++- openbsd-compat/port-aix.h | 15 ++++++++------- 2 files changed, 12 insertions(+), 8 deletions(-) (limited to 'openbsd-compat') diff --git a/ChangeLog b/ChangeLog index 6d734d4cd..c7bc855c6 100644 --- a/ChangeLog +++ b/ChangeLog @@ -7,6 +7,9 @@ its presence before doing AC_FUNC_GETPGRP. - (dtucker) [configure.ac] Merge HP-UX blocks into a common block with minor version-specific variations as required. + - (dtucker) [openbsd-compat/port-aix.h] Use the HAVE_DECL_* definitions as + per the autoconf man page. Configure should always define them but it + doesn't hurt to check. 20050527 - (djm) [defines.h] Use our realpath if we have to define PATH_MAX, spotted by @@ -2625,4 +2628,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3796 2005/05/28 08:31:42 dtucker Exp $ +$Id: ChangeLog,v 1.3797 2005/05/28 10:28:39 dtucker Exp $ diff --git a/openbsd-compat/port-aix.h b/openbsd-compat/port-aix.h index 9e3dce4dd..37b2c12b0 100644 --- a/openbsd-compat/port-aix.h +++ b/openbsd-compat/port-aix.h @@ -1,8 +1,9 @@ -/* $Id: port-aix.h,v 1.25 2005/03/21 11:46:34 dtucker Exp $ */ +/* $Id: port-aix.h,v 1.26 2005/05/28 10:28:40 dtucker Exp $ */ /* * * Copyright (c) 2001 Gert Doering. All rights reserved. + * Copyright (c) 2004, 2005 Darren Tucker. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions 
@@ -47,23 +48,23 @@ /* These should be in the system headers but are not. */ int usrinfo(int, char *, int); -#if (HAVE_DECL_SETAUTHDB == 0) +#if defined(HAVE_DECL_SETAUTHDB) && (HAVE_DECL_SETAUTHDB == 0) int setauthdb(const char *, char *); #endif /* these may or may not be in the headers depending on the version */ -#if (HAVE_DECL_AUTHENTICATE == 0) +#if defined(HAVE_DECL_AUTHENTICATE) && (HAVE_DECL_AUTHENTICATE == 0) int authenticate(char *, char *, int *, char **); #endif -#if (HAVE_DECL_LOGINFAILED == 0) +#if defined(HAVE_DECL_LOGINFAILED) && (HAVE_DECL_LOGINFAILED == 0) int loginfailed(char *, char *, char *); #endif -#if (HAVE_DECL_LOGINRESTRICTIONS == 0) +#if defined(HAVE_DECL_LOGINRESTRICTIONS) && (HAVE_DECL_LOGINRESTRICTIONS == 0) int loginrestrictions(char *, int, char *, char **); #endif -#if (HAVE_DECL_LOGINSUCCESS == 0) +#if defined(HAVE_DECL_LOGINSUCCESS) && (HAVE_DECL_LOGINSUCCESS == 0) int loginsuccess(char *, char *, char *, char **); #endif -#if (HAVE_DECL_PASSWDEXPIRED == 0) +#if defined(HAVE_DECL_PASSWDEXPIRED) && (HAVE_DECL_PASSWDEXPIRED == 0) int passwdexpired(char *, char **); #endif -- cgit v1.2.3 From 782727ac611b159973a5dd05f8d8cfa82cd734d0 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sun, 29 May 2005 10:28:48 +1000 Subject: 20050529 - (dtucker) [openbsd-compat/port-aix.c] Bug #1046: AIX 5.3 expects the argument to passwdexpired to be initialized to NULL. Suggested by tim@ While at it, initialize the other arguments to auth functions in case they ever acquire this behaviour. --- ChangeLog | 8 +++++++- openbsd-compat/port-aix.c | 6 +++--- 2 files changed, 10 insertions(+), 4 deletions(-) (limited to 'openbsd-compat') diff --git a/ChangeLog b/ChangeLog index c7bc855c6..4919e3ead 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -1,3 +1,9 @@ +20050529 + - (dtucker) [openbsd-compat/port-aix.c] Bug #1046: AIX 5.3 expects the + argument to passwdexpired to be initialized to NULL. Suggested by tim@ + While at it, initialize the other arguments to auth functions in case they + ever acquire this behaviour. + 20050528 - (dtucker) [configure.ac] For AC_CHECK_HEADERS() and AC_CHECK_FUNCS() have one entry per line to make it easier to merge changes. ok djm@ @@ -2628,4 +2634,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3797 2005/05/28 10:28:39 dtucker Exp $ +$Id: ChangeLog,v 1.3798 2005/05/29 00:28:48 dtucker Exp $ diff --git a/openbsd-compat/port-aix.c b/openbsd-compat/port-aix.c index cf5d4b9a3..c711283dd 100644 --- a/openbsd-compat/port-aix.c +++ b/openbsd-compat/port-aix.c @@ -1,7 +1,7 @@ /* * * Copyright (c) 2001 Gert Doering. All rights reserved. - * Copyright (c) 2003,2004 Darren Tucker. All rights reserved. + * Copyright (c) 2003,2004,2005 Darren Tucker. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -153,7 +153,7 @@ aix_valid_authentications(const char *user) int sys_auth_passwd(Authctxt *ctxt, const char *password) { - char *authmsg = NULL, *msg, *name = ctxt->pw->pw_name; + char *authmsg = NULL, *msg = NULL, *name = ctxt->pw->pw_name; int authsuccess = 0, expired, reenter, result; do { @@ -257,7 +257,7 @@ int sys_auth_record_login(const char *user, const char *host, const char *ttynm, Buffer *loginmsg) { - char *msg; + char *msg = NULL; int success = 0; aix_setauthdb(user); -- cgit v1.2.3 From 6b2fe31def24b50c4cc705f2a3b861348b1be8e2 Mon Sep 17 00:00:00 2001 
From: Darren Tucker Date: Sun, 29 May 2005 10:32:47 +1000 Subject: - (dtucker) [openbsd-compat/port-aix.c] Whitespace cleanups while there. --- ChangeLog | 3 ++- openbsd-compat/port-aix.c | 8 +++----- 2 files changed, 5 insertions(+), 6 deletions(-) (limited to 'openbsd-compat') diff --git a/ChangeLog b/ChangeLog index 4919e3ead..f6ace4314 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,6 +3,7 @@ argument to passwdexpired to be initialized to NULL. Suggested by tim@ While at it, initialize the other arguments to auth functions in case they ever acquire this behaviour. + - (dtucker) [openbsd-compat/port-aix.c] Whitespace cleanups while there. 20050528 - (dtucker) [configure.ac] For AC_CHECK_HEADERS() and AC_CHECK_FUNCS() have @@ -2634,4 +2635,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3798 2005/05/29 00:28:48 dtucker Exp $ +$Id: ChangeLog,v 1.3799 2005/05/29 00:32:47 dtucker Exp $ diff --git a/openbsd-compat/port-aix.c b/openbsd-compat/port-aix.c index c711283dd..8267c8ef1 100644 --- a/openbsd-compat/port-aix.c +++ b/openbsd-compat/port-aix.c @@ -42,14 +42,12 @@ static char old_registry[REGISTRY_SIZE] = ""; # endif /* - * AIX has a "usrinfo" area where logname and other stuff is stored - + * AIX has a "usrinfo" area where logname and other stuff is stored - * a few applications actually use this and die if it's not set * * NOTE: TTY= should be set, but since no one uses it and it's hard to * acquire due to privsep code. We will just drop support. */ - - void aix_usrinfo(struct passwd *pw) { @@ -60,7 +58,7 @@ aix_usrinfo(struct passwd *pw) len = sizeof("LOGNAME= NAME= ") + (2 * strlen(pw->pw_name)); cp = xmalloc(len); - i = snprintf(cp, len, "LOGNAME=%s%cNAME=%s%c", pw->pw_name, '\0', + i = snprintf(cp, len, "LOGNAME=%s%cNAME=%s%c", pw->pw_name, '\0', pw->pw_name, '\0'); if (usrinfo(SETUINFO, cp, i) == -1) fatal("Couldn't set usrinfo: %s", strerror(errno)); 
@@ -170,7 +168,7 @@ sys_auth_passwd(Authctxt *ctxt, const char *password) if (result == 0) { authsuccess = 1; - /* + /* * Record successful login. We don't have a pty yet, so just * label the line as "ssh" */ -- cgit v1.2.3 From f9fea65ba91c6c8002185fab31266f60c6b33a78 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sun, 29 May 2005 10:54:27 +1000 Subject: - (dtucker) [openbsd-compat/port-aix.c] Minor correction to debug message, spotted by tim@. --- ChangeLog | 4 +++- openbsd-compat/port-aix.c | 2 +- 2 files changed, 4 insertions(+), 2 deletions(-) (limited to 'openbsd-compat') diff --git a/ChangeLog b/ChangeLog index f6ace4314..4d85ddafd 100644 --- a/ChangeLog +++ b/ChangeLog @@ -4,6 +4,8 @@ While at it, initialize the other arguments to auth functions in case they ever acquire this behaviour. - (dtucker) [openbsd-compat/port-aix.c] Whitespace cleanups while there. + - (dtucker) [openbsd-compat/port-aix.c] Minor correction to debug message, + spotted by tim@. 20050528 - (dtucker) [configure.ac] For AC_CHECK_HEADERS() and AC_CHECK_FUNCS() have @@ -2635,4 +2637,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3799 2005/05/29 00:32:47 dtucker Exp $ +$Id: ChangeLog,v 1.3800 2005/05/29 00:54:27 dtucker Exp $ diff --git a/openbsd-compat/port-aix.c b/openbsd-compat/port-aix.c index 8267c8ef1..81d8124e0 100644 --- a/openbsd-compat/port-aix.c +++ b/openbsd-compat/port-aix.c @@ -158,7 +158,7 @@ sys_auth_passwd(Authctxt *ctxt, const char *password) result = authenticate((char *)name, (char *)password, &reenter, &authmsg); aix_remove_embedded_newlines(authmsg); - debug3("AIX/authenticate result %d, msg %.100s", result, + debug3("AIX/authenticate result %d, authmsg %.100s", result, authmsg); } while (reenter); -- cgit v1.2.3 From 81eb5d5e10d4c3ce0f0cc91fab7efbb22fb97f07 Mon Sep 17 00:00:00 2001 
From: Darren Tucker Date: Wed, 1 Jun 2005 21:39:33 +1000 Subject: - (dtucker) [configure.ac openbsd-compat/Makefile.in openbsd-compat/strtoll.c] Add strtoll to the compat library, from OpenBSD. --- ChangeLog | 5 +- configure.ac | 3 +- openbsd-compat/Makefile.in | 4 +- openbsd-compat/strtoll.c | 151 +++++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 159 insertions(+), 4 deletions(-) create mode 100644 openbsd-compat/strtoll.c (limited to 'openbsd-compat') diff --git a/ChangeLog b/ChangeLog index 9c2573f78..1f9684d75 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,9 @@ 20050601 - (dtucker) [configure.ac] Look for _getshort and _getlong in arpa/nameser.h. + - (dtucker) [configure.ac openbsd-compat/Makefile.in openbsd-compat/strtoll.c] + Add strtoll to the compat library, from OpenBSD. + 20050531 - (dtucker) [contrib/aix/pam.conf] Correct comments. From davidl at @@ -2649,4 +2652,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3803 2005/06/01 08:57:45 dtucker Exp $ +$Id: ChangeLog,v 1.3804 2005/06/01 11:39:33 dtucker Exp $ diff --git a/configure.ac b/configure.ac index 362faa1d1..e94663790 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.269 2005/06/01 08:57:45 dtucker Exp $ +# $Id: configure.ac,v 1.270 2005/06/01 11:39:33 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -1038,6 +1038,7 @@ AC_CHECK_FUNCS( \ strmode \ strnvis \ strtonum \ + strtoll \ strtoul \ sysconf \ tcgetpgrp \ diff --git a/openbsd-compat/Makefile.in b/openbsd-compat/Makefile.in index 8368aa2ce..30d2410bc 100644 --- a/openbsd-compat/Makefile.in +++ b/openbsd-compat/Makefile.in @@ -1,4 +1,4 @@ -# $Id: Makefile.in,v 1.32 2005/05/26 10:48:25 djm Exp $ +# $Id: Makefile.in,v 1.33 2005/06/01 11:39:34 dtucker Exp $ sysconfdir=@sysconfdir@ piddir=@piddir@ 
@@ -16,7 +16,7 @@ RANLIB=@RANLIB@ INSTALL=@INSTALL@ LDFLAGS=-L. @LDFLAGS@ -OPENBSD=base64.o basename.o bindresvport.o daemon.o dirname.o getcwd.o getgrouplist.o getopt.o getrrsetbyname.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o readpassphrase.o realpath.o rresvport.o setenv.o setproctitle.o sigact.o strlcat.o strlcpy.o strmode.o strsep.o strtonum.o strtoul.o vis.o +OPENBSD=base64.o basename.o bindresvport.o daemon.o dirname.o getcwd.o getgrouplist.o getopt.o getrrsetbyname.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o readpassphrase.o realpath.o rresvport.o setenv.o setproctitle.o sigact.o strlcat.o strlcpy.o strmode.o strsep.o strtonum.o strtoll.o strtoul.o vis.o COMPAT=bsd-arc4random.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-snprintf.o bsd-waitpid.o fake-rfc2553.o xmmap.o xcrypt.o diff --git a/openbsd-compat/strtoll.c b/openbsd-compat/strtoll.c new file mode 100644 index 000000000..60c276f8a --- /dev/null +++ b/openbsd-compat/strtoll.c 
@@ -0,0 +1,151 @@ +/* OPENBSD ORIGINAL: lib/libc/stdlib/strtoll.c */ + +/*- + * Copyright (c) 1992 The Regents of the University of California. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "includes.h" +#ifndef HAVE_STRTOLL + +#if defined(LIBC_SCCS) && !defined(lint) +static const char rcsid[] = "$OpenBSD: strtoll.c,v 1.4 2005/03/30 18:51:49 pat Exp $"; +#endif /* LIBC_SCCS and not lint */ + +#include + +#include +#include +#include +#include + +/* + * Convert a string to a long long. 
+ * + * Ignores `locale' stuff. Assumes that the upper and lower case + * alphabets and digits are each contiguous. + */ +long long +strtoll(const char *nptr, char **endptr, int base) +{ + const char *s; + long long acc, cutoff; + int c; + int neg, any, cutlim; + + /* + * Skip white space and pick up leading +/- sign if any. + * If base is 0, allow 0x for hex and 0 for octal, else + * assume decimal; if base is already 16, allow 0x. + */ + s = nptr; + do { + c = (unsigned char) *s++; + } while (isspace(c)); + if (c == '-') { + neg = 1; + c = *s++; + } else { + neg = 0; + if (c == '+') + c = *s++; + } + if ((base == 0 || base == 16) && + c == '0' && (*s == 'x' || *s == 'X')) { + c = s[1]; + s += 2; + base = 16; + } + if (base == 0) + base = c == '0' ? 8 : 10; + + /* + * Compute the cutoff value between legal numbers and illegal + * numbers. That is the largest legal value, divided by the + * base. An input number that is greater than this value, if + * followed by a legal input character, is too big. One that + * is equal to this value may be valid or not; the limit + * between valid and invalid numbers is then based on the last + * digit. For instance, if the range for long longs is + * [-9223372036854775808..9223372036854775807] and the input base + * is 10, cutoff will be set to 922337203685477580 and cutlim to + * either 7 (neg==0) or 8 (neg==1), meaning that if we have + * accumulated a value > 922337203685477580, or equal but the + * next digit is > 7 (or 8), the number is too big, and we will + * return a range error. + * + * Set any if any `digits' consumed; make it negative to indicate + * overflow. + */ + cutoff = neg ? LLONG_MIN : LLONG_MAX; + cutlim = cutoff % base; + cutoff /= base; + if (neg) { + if (cutlim > 0) { + cutlim -= base; + cutoff += 1; + } + cutlim = -cutlim; + } + for (acc = 0, any = 0;; c = (unsigned char) *s++) { + if (isdigit(c)) + c -= '0'; + else if (isalpha(c)) + c -= isupper(c) ? 
'A' - 10 : 'a' - 10; + else + break; + if (c >= base) + break; + if (any < 0) + continue; + if (neg) { + if (acc < cutoff || (acc == cutoff && c > cutlim)) { + any = -1; + acc = LLONG_MIN; + errno = ERANGE; + } else { + any = 1; + acc *= base; + acc -= c; + } + } else { + if (acc > cutoff || (acc == cutoff && c > cutlim)) { + any = -1; + acc = LLONG_MAX; + errno = ERANGE; + } else { + any = 1; + acc *= base; + acc += c; + } + } + } + if (endptr != 0) + *endptr = (char *) (any ? s - 1 : nptr); + return (acc); +} +#endif /* HAVE_STRTOLL */ -- cgit v1.2.3 From a55ec7701336230c76b63ad426057146ae516a4f Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Thu, 9 Jun 2005 21:45:10 +1000 Subject: - (dtucker) [cipher.c openbsd-compat/Makefile.in openbsd-compat/openbsd-compat.{c,h} openbsd-compat/openssl-compat.h] Move compatibility code for supporting older OpenSSL versions to the compat layer. Suggested by and "no objection" djm@ --- ChangeLog | 8 ++++- cipher.c | 42 ++------------------------ openbsd-compat/Makefile.in | 4 +-- openbsd-compat/openbsd-compat.h | 5 +++- openbsd-compat/openssl-compat.c | 44 ++++++++++++++++++++++++++++ openbsd-compat/openssl-compat.h | 65 +++++++++++++++++++++++++++++++++++++++++ 6 files changed, 124 insertions(+), 44 deletions(-) create mode 100644 openbsd-compat/openssl-compat.c create mode 100644 openbsd-compat/openssl-compat.h (limited to 'openbsd-compat') diff --git a/ChangeLog b/ChangeLog index efebb2820..f0424fa81 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +20050609 + - (dtucker) [cipher.c openbsd-compat/Makefile.in + openbsd-compat/openbsd-compat.{c,h} openbsd-compat/openssl-compat.h] + Move compatibility code for supporting older OpenSSL versions to the + compat layer. Suggested by and "no objection" djm@ + 20050607 - (dtucker) [configure.ac] Continue the hunt for LLONG_MIN and LLONG_MAX: in today's episode we attempt to coax it from limits.h where it may be 
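Review bot: In the new strtoll(), the three reads that follow a sign or a `0x` prefix (`c = *s++;` twice and `c = s[1];`) omit the `(unsigned char)` cast that the whitespace loop and the digit loop both apply. Where plain char is signed, a byte above 0x7f then reaches `isdigit()`/`isalpha()` as a negative int, which the ctype functions do not define. Write them as `c = (unsigned char) *s++;` and `c = (unsigned char) s[1];`. Separately, the diffstat shows no change to openbsd-compat.h, so unlike strtonum (declared there under `#ifndef HAVE_STRTONUM`) this fallback has no prototype. Callers on a platform without strtoll would presumably get an implicit `int` declaration and a truncated result, so a matching `#ifndef HAVE_STRTOLL` declaration looks needed.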
@@ -2686,4 +2692,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3813 2005/06/07 07:53:40 dtucker Exp $ +$Id: ChangeLog,v 1.3814 2005/06/09 11:45:10 dtucker Exp $ diff --git a/cipher.c b/cipher.c index b56492940..df46c0175 100644 --- a/cipher.c +++ b/cipher.c @@ -43,26 +43,6 @@ RCSID("$OpenBSD: cipher.c,v 1.74 2005/05/23 23:32:46 djm Exp $"); #include -#if OPENSSL_VERSION_NUMBER < 0x00906000L -#define SSH_OLD_EVP -#define EVP_CIPHER_CTX_get_app_data(e) ((e)->app_data) -#endif - -#if OPENSSL_VERSION_NUMBER < 0x00907000L -extern const EVP_CIPHER *evp_rijndael(void); -extern void ssh_rijndael_iv(EVP_CIPHER_CTX *, int, u_char *, u_int); -#endif - -#if !defined(EVP_CTRL_SET_ACSS_MODE) -# if (OPENSSL_VERSION_NUMBER >= 0x00907000L) -extern const EVP_CIPHER *evp_acss(void); -# define EVP_acss evp_acss -# define EVP_CTRL_SET_ACSS_MODE xxx /* used below */ -# else -# define EVP_acss NULL /* Don't try to support ACSS on older OpenSSL */ -# endif /* (OPENSSL_VERSION_NUMBER >= 0x00906000L) */ -#endif /* !defined(EVP_CTRL_SET_ACSS_MODE) */ - extern const EVP_CIPHER *evp_ssh1_bf(void); extern const EVP_CIPHER *evp_ssh1_3des(void); extern void ssh1_3des_iv(EVP_CIPHER_CTX *, int, u_char *, int); 
@@ -88,25 +68,15 @@ struct Cipher { { "arcfour", SSH_CIPHER_SSH2, 8, 16, 0, EVP_rc4 }, { "arcfour128", SSH_CIPHER_SSH2, 8, 16, 1536, EVP_rc4 }, { "arcfour256", SSH_CIPHER_SSH2, 8, 32, 1536, EVP_rc4 }, -#if OPENSSL_VERSION_NUMBER < 0x00907000L - { "aes128-cbc", SSH_CIPHER_SSH2, 16, 16, 0, evp_rijndael }, - { "aes192-cbc", SSH_CIPHER_SSH2, 16, 24, 0, evp_rijndael }, - { "aes256-cbc", SSH_CIPHER_SSH2, 16, 32, 0, evp_rijndael }, - { "rijndael-cbc@lysator.liu.se", - SSH_CIPHER_SSH2, 16, 32, 0, evp_rijndael }, -#else { "aes128-cbc", SSH_CIPHER_SSH2, 16, 16, 0, EVP_aes_128_cbc }, { "aes192-cbc", SSH_CIPHER_SSH2, 16, 24, 0, EVP_aes_192_cbc }, { "aes256-cbc", SSH_CIPHER_SSH2, 16, 32, 0, EVP_aes_256_cbc }, { "rijndael-cbc@lysator.liu.se", SSH_CIPHER_SSH2, 16, 32, 0, EVP_aes_256_cbc }, -#endif -#if OPENSSL_VERSION_NUMBER >= 0x00905000L { "aes128-ctr", SSH_CIPHER_SSH2, 16, 16, 0, evp_aes_128_ctr }, { "aes192-ctr", SSH_CIPHER_SSH2, 16, 24, 0, evp_aes_128_ctr }, { "aes256-ctr", SSH_CIPHER_SSH2, 16, 32, 0, evp_aes_128_ctr }, -#endif -#if defined(EVP_CTRL_SET_ACSS_MODE) +#ifdef USE_CIPHER_ACSS { "acss@openssh.org", SSH_CIPHER_SSH2, 16, 5, 0, EVP_acss }, #endif { NULL, SSH_CIPHER_INVALID, 0, 0, 0, NULL } @@ -225,8 +195,8 @@ cipher_init(CipherContext *cc, Cipher *cipher, EVP_CIPHER *type; #else const EVP_CIPHER *type; -#endif int klen; +#endif u_char *junk, *discard; if (cipher->number == SSH_CIPHER_DES) { @@ -293,23 +263,15 @@ cipher_crypt(CipherContext *cc, u_char *dest, const u_char *src, u_int len) { if (len % cc->cipher->block_size) fatal("cipher_encrypt: bad plaintext length %d", len); -#ifdef SSH_OLD_EVP - EVP_Cipher(&cc->evp, dest, (u_char *)src, len); -#else if (EVP_Cipher(&cc->evp, dest, (u_char *)src, len) == 0) fatal("evp_crypt: EVP_Cipher failed"); -#endif } void cipher_cleanup(CipherContext *cc) { -#ifdef SSH_OLD_EVP - EVP_CIPHER_CTX_cleanup(&cc->evp); -#else if (EVP_CIPHER_CTX_cleanup(&cc->evp) == 0) error("cipher_cleanup: EVP_CIPHER_CTX_cleanup failed"); -#endif } /* 
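Review bot: In the cipher table hunk of cipher.c the `aes128-ctr`, `aes192-ctr` and `aes256-ctr` entries lose their `#if OPENSSL_VERSION_NUMBER >= 0x00905000L` guard, and the openssl-compat.h added by this commit defines nothing for that version range. If `evp_aes_128_ctr` is itself still built only for 0.9.5 and later (its definition is not in this diff), a build against an older OpenSSL would now fail to link or list a cipher it cannot provide. Either keep the guard around the three entries, or say in openssl-compat.h that releases before 0.9.5 are no longer supported. The table and cipher_init continue outside the hunks.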
diff --git a/openbsd-compat/Makefile.in b/openbsd-compat/Makefile.in index 30d2410bc..c6e08867c 100644 --- a/openbsd-compat/Makefile.in +++ b/openbsd-compat/Makefile.in @@ -1,4 +1,4 @@ -# $Id: Makefile.in,v 1.33 2005/06/01 11:39:34 dtucker Exp $ +# $Id: Makefile.in,v 1.34 2005/06/09 11:45:11 dtucker Exp $ sysconfdir=@sysconfdir@ piddir=@piddir@ @@ -18,7 +18,7 @@ LDFLAGS=-L. @LDFLAGS@ OPENBSD=base64.o basename.o bindresvport.o daemon.o dirname.o getcwd.o getgrouplist.o getopt.o getrrsetbyname.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o readpassphrase.o realpath.o rresvport.o setenv.o setproctitle.o sigact.o strlcat.o strlcpy.o strmode.o strsep.o strtonum.o strtoll.o strtoul.o vis.o -COMPAT=bsd-arc4random.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-snprintf.o bsd-waitpid.o fake-rfc2553.o xmmap.o xcrypt.o +COMPAT=bsd-arc4random.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-snprintf.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o PORTS=port-irix.o port-aix.o diff --git a/openbsd-compat/openbsd-compat.h b/openbsd-compat/openbsd-compat.h index a4cfa6c4d..f468d5aab 100644 --- a/openbsd-compat/openbsd-compat.h +++ b/openbsd-compat/openbsd-compat.h @@ -1,4 +1,4 @@ -/* $Id: openbsd-compat.h,v 1.27 2005/05/26 10:48:25 djm Exp $ */ +/* $Id: openbsd-compat.h,v 1.28 2005/06/09 11:45:11 dtucker Exp $ */ /* * Copyright (c) 1999-2003 Damien Miller. All rights reserved. @@ -168,6 +168,9 @@ char *shadow_pw(struct passwd *pw); /* rfc2553 socket API replacements */ #include "fake-rfc2553.h" +/* compatibility with old or broken OpenSSL versions */ +#include "openssl-compat.h" + /* Routines for a single OS platform */ #include "bsd-cray.h" #include "bsd-cygwin_util.h" diff --git a/openbsd-compat/openssl-compat.c b/openbsd-compat/openssl-compat.c new file mode 100644 index 000000000..10b4d1d74 --- /dev/null 
+++ b/openbsd-compat/openssl-compat.c @@ -0,0 +1,44 @@ +/* $Id: openssl-compat.c,v 1.1 2005/06/09 11:45:11 dtucker Exp $ */ + +/* + * Copyright (c) 2005 Darren Tucker + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF MIND, USE, DATA OR PROFITS, WHETHER + * IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING + * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#define SSH_DONT_REDEF_EVP +#include "includes.h" + +#ifdef SSH_OLD_EVP +int +ssh_EVP_CipherInit(EVP_CIPHER_CTX *evp, const EVP_CIPHER *type, + unsigned char *key, unsigned char *iv, int enc) +{ + EVP_CipherInit(evp, type, key, iv, enc); + return 1; +} + +int +ssh_EVP_Cipher(EVP_CIPHER_CTX *evp, char *dst, char *src, int len) +{ + EVP_Cipher(evp, dst, src, len); + return 1; +} + +int +ssh_EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *evp) +{ + EVP_CIPHER_CTX_cleanup(evp); + return 1; +} +#endif diff --git a/openbsd-compat/openssl-compat.h b/openbsd-compat/openssl-compat.h new file mode 100644 index 000000000..d9b2fa55f --- /dev/null +++ b/openbsd-compat/openssl-compat.h 
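Review bot: The three wrappers in openssl-compat.c return 1 unconditionally, so on an SSH_OLD_EVP build the now-unconditional checks in cipher.c (`if (EVP_Cipher(...) == 0) fatal(...)`) can never fire, and nothing in the file says so. A comment above `#ifdef SSH_OLD_EVP` would make that explicit, for example `/* Old OpenSSL: results were never checked, so report success; failures are not detectable here. */`; that the old functions give no usable result is inferred from the removed cipher.c code that ignored it. `ssh_EVP_Cipher` also takes `char *dst, char *src` while cipher_crypt passes `u_char *`, so `unsigned char *` parameters would avoid pointer-signedness warnings if the old prototype allows it.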
@@ -0,0 +1,65 @@ +/* $Id: openssl-compat.h,v 1.1 2005/06/09 11:45:11 dtucker Exp $ */ + +/* + * Copyright (c) 2005 Darren Tucker + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF MIND, USE, DATA OR PROFITS, WHETHER + * IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING + * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include "includes.h" +#include + +#if OPENSSL_VERSION_NUMBER < 0x00906000L +# define SSH_OLD_EVP +# define EVP_CIPHER_CTX_get_app_data(e) ((e)->app_data) +#endif + +#if OPENSSL_VERSION_NUMBER < 0x00907000L +# define EVP_aes_128_cbc evp_rijndael +# define EVP_aes_192_cbc evp_rijndael +# define EVP_aes_256_cbc evp_rijndael +extern const EVP_CIPHER *evp_rijndael(void); +extern void ssh_rijndael_iv(EVP_CIPHER_CTX *, int, u_char *, u_int); +#endif + +#if !defined(EVP_CTRL_SET_ACSS_MODE) +# if (OPENSSL_VERSION_NUMBER >= 0x00907000L) +# define USE_CIPHER_ACSS 1 +extern const EVP_CIPHER *evp_acss(void); +# define EVP_acss evp_acss +# else +# define EVP_acss NULL +# endif +#endif + +/* + * insert comment here + */ +#ifdef SSH_OLD_EVP + +# ifndef SSH_DONT_REDEF_EVP + +# ifdef EVP_Cipher +# undef EVP_Cipher +# endif + +# define EVP_CipherInit(a,b,c,d,e) ssh_EVP_CipherInit((a),(b),(c),(d),(e)) +# define EVP_Cipher(a,b,c,d) ssh_EVP_Cipher((a),(b),(c),(d)) +# define EVP_CIPHER_CTX_cleanup(a) ssh_EVP_CIPHER_CTX_cleanup((a)) +# endif + +int ssh_EVP_CipherInit(EVP_CIPHER_CTX *, const EVP_CIPHER *, unsigned char *, 
+ unsigned char *, int); +int ssh_EVP_Cipher(EVP_CIPHER_CTX *, char *, char *, int); +int ssh_EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *); +#endif -- cgit v1.2.3 From f0bd352429f26f99b7bdacd23baf46b39a9f600a Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 17 Jun 2005 21:15:20 +1000 Subject: - (dtucker) [cipher.c openbsd-compat/openbsd-compat.h openbsd-compat/openssl-compat.c] only include openssl compat stuff where it's needed as it can cause conflicts elsewhere (eg xcrypt.c). Found by and ok tim@ ---------------------------------------------------------------------- automatically CVS: CVS: Committing in . CVS: CVS: Modified Files: ---------------------------------------------------------------------- --- ChangeLog | 6 +++++- cipher.c | 3 +++ openbsd-compat/openbsd-compat.h | 5 +---- openbsd-compat/openssl-compat.c | 6 ++++-- 4 files changed, 13 insertions(+), 7 deletions(-) (limited to 'openbsd-compat') diff --git a/ChangeLog b/ChangeLog index f3c3c93ba..3cfba58a9 100644 --- a/ChangeLog +++ b/ChangeLog @@ -17,6 +17,10 @@ make this -Wsign-compare clean; ok avsm@ markus@ NB. auth1.c changes not committed yet (conflicts with uncommitted sync) NB2. more work may be needed to make portable Wsign-compare clean + - (dtucker) [cipher.c openbsd-compat/openbsd-compat.h + openbsd-compat/openssl-compat.c] only include openssl compat stuff where + it's needed as it can cause conflicts elsewhere (eg xcrypt.c). Found by + and ok tim@ 20050616 - (djm) OpenBSD CVS Sync @@ -2734,4 +2738,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3823 2005/06/17 02:59:34 djm Exp $ +$Id: ChangeLog,v 1.3824 2005/06/17 11:15:20 dtucker Exp $ diff --git a/cipher.c b/cipher.c index 20d0a80c4..fc1e2ae1c 100644 --- a/cipher.c +++ b/cipher.c 
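Review bot: The ACSS block in openssl-compat.h defines `USE_CIPHER_ACSS` only when `EVP_CTRL_SET_ACSS_MODE` is not already defined, whereas the cipher.c code it replaces enabled the `acss@openssh.org` table entry whenever that macro was defined, natively or by the fallback. With an OpenSSL that supplies `EVP_CTRL_SET_ACSS_MODE` itself the entry now silently drops out of the table; adding `#else` and `# define USE_CIPHER_ACSS 1` before the outer `#endif` would keep the old behaviour. The fallback also no longer defines `EVP_CTRL_SET_ACSS_MODE`, so any file outside this diff that still tests it should be checked. Separately, the `insert comment here` placeholder above `#ifdef SSH_OLD_EVP` should be replaced by a sentence saying that the EVP calls are redirected to the int-returning `ssh_EVP_*` wrappers unless `SSH_DONT_REDEF_EVP` is set.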
@@ -43,6 +43,9 @@ RCSID("$OpenBSD: cipher.c,v 1.76 2005/06/17 02:44:32 djm Exp $"); #include +/* compatibility with old or broken OpenSSL versions */ +#include "openbsd-compat/openssl-compat.h" + extern const EVP_CIPHER *evp_ssh1_bf(void); extern const EVP_CIPHER *evp_ssh1_3des(void); extern void ssh1_3des_iv(EVP_CIPHER_CTX *, int, u_char *, int); diff --git a/openbsd-compat/openbsd-compat.h b/openbsd-compat/openbsd-compat.h index f468d5aab..e66f5ec55 100644 --- a/openbsd-compat/openbsd-compat.h +++ b/openbsd-compat/openbsd-compat.h @@ -1,4 +1,4 @@ -/* $Id: openbsd-compat.h,v 1.28 2005/06/09 11:45:11 dtucker Exp $ */ +/* $Id: openbsd-compat.h,v 1.29 2005/06/17 11:15:21 dtucker Exp $ */ /* * Copyright (c) 1999-2003 Damien Miller. All rights reserved. @@ -168,9 +168,6 @@ char *shadow_pw(struct passwd *pw); /* rfc2553 socket API replacements */ #include "fake-rfc2553.h" -/* compatibility with old or broken OpenSSL versions */ -#include "openssl-compat.h" - /* Routines for a single OS platform */ #include "bsd-cray.h" #include "bsd-cygwin_util.h" diff --git a/openbsd-compat/openssl-compat.c b/openbsd-compat/openssl-compat.c index 10b4d1d74..b690e8fe6 100644 --- a/openbsd-compat/openssl-compat.c +++ b/openbsd-compat/openssl-compat.c @@ -1,4 +1,4 @@ -/* $Id: openssl-compat.c,v 1.1 2005/06/09 11:45:11 dtucker Exp $ */ +/* $Id: openssl-compat.c,v 1.2 2005/06/17 11:15:21 dtucker Exp $ */ /* * Copyright (c) 2005 Darren Tucker @@ -16,9 +16,11 @@ * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -#define SSH_DONT_REDEF_EVP #include "includes.h" +#define SSH_DONT_REDEF_EVP +#include "openssl-compat.h" + #ifdef SSH_OLD_EVP int ssh_EVP_CipherInit(EVP_CIPHER_CTX *evp, const EVP_CIPHER *type, -- cgit v1.2.3 From 212cfc4b4869fbbe5b038f7480e67d26f60f1545 Mon Sep 17 00:00:00 2001 
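Review bot: After this change only cipher.c and openssl-compat.c include openssl-compat.h, so any other file that calls `EVP_CipherInit`, `EVP_Cipher` or `EVP_CIPHER_CTX_cleanup`, or uses `EVP_aes_*_cbc`, stops getting the old-OpenSSL redirections that openbsd-compat.h used to provide everywhere. The diffstat lists no other consumers and the remaining cipher sources are not visible here, so this deserves a search of the tree; such files need the same `#include "openbsd-compat/openssl-compat.h"` line. Now that the header is included by hand, and itself includes includes.h, it should also get an include guard.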
From: Darren Tucker Date: Wed, 3 Aug 2005 10:57:15 +1000 Subject: - (dtucker) [openbsd-compat/fake-rfc2553.h] Check for EAI_* defines individually and use a value less likely to collide with real values from netdb.h. Fixes compile warnings on FreeBSD 5.3. ok djm@ --- ChangeLog | 7 ++++++- openbsd-compat/fake-rfc2553.h | 16 +++++++++++----- 2 files changed, 17 insertions(+), 6 deletions(-) (limited to 'openbsd-compat') diff --git a/ChangeLog b/ChangeLog index b45ebb49b..04fa21d0f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ +20050803 + - (dtucker) [openbsd-compat/fake-rfc2553.h] Check for EAI_* defines + individually and use a value less likely to collide with real values from + netdb.h. Fixes compile warnings on FreeBSD 5.3. ok djm@ + 20050802 - (dtucker) OpenBSD CVS Sync - dtucker@cvs.openbsd.org 2005/07/27 10:39:03 @@ -2889,4 +2894,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3860 2005/08/02 14:20:15 dtucker Exp $ +$Id: ChangeLog,v 1.3861 2005/08/03 00:57:15 dtucker Exp $ diff --git a/openbsd-compat/fake-rfc2553.h b/openbsd-compat/fake-rfc2553.h index 636792ed7..24a34d17a 100644 --- a/openbsd-compat/fake-rfc2553.h +++ b/openbsd-compat/fake-rfc2553.h @@ -1,4 +1,4 @@ -/* $Id: fake-rfc2553.h,v 1.10 2005/02/11 07:32:13 dtucker Exp $ */ +/* $Id: fake-rfc2553.h,v 1.11 2005/08/03 00:57:15 dtucker Exp $ */ /* * Copyright (C) 2000-2003 Damien Miller. All rights reserved. @@ -114,10 +114,16 @@ struct sockaddr_in6 { #endif /* !NI_MAXHOST */ #ifndef EAI_NODATA -# define EAI_NODATA 1 -# define EAI_MEMORY 2 -# define EAI_NONAME 3 -# define EAI_SYSTEM 4 +# define EAI_NODATA (MAX_INT - 1) +#endif +#ifndef EAI_MEMORY +# define EAI_MEMORY (MAX_INT - 2) +#endif +#ifndef EAI_NONAME +# define EAI_NONAME (MAX_INT - 3) +#endif +#ifndef EAI_SYSTEM +# define EAI_SYSTEM (MAX_INT - 4) #endif #ifndef HAVE_STRUCT_ADDRINFO -- cgit v1.2.3 
From 9825697d3cf75e262dc81f01f7f6bf1e234306d3 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Wed, 3 Aug 2005 15:36:21 +1000 Subject: - (dtucker) [openbsd-compat/fake-rfc2553.h] MAX_INT -> INT_MAX since the latter is specified in the standard. --- ChangeLog | 4 +++- openbsd-compat/fake-rfc2553.h | 10 +++++----- 2 files changed, 8 insertions(+), 6 deletions(-) (limited to 'openbsd-compat') diff --git a/ChangeLog b/ChangeLog index 04fa21d0f..c0c2dbc05 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,6 +2,8 @@ - (dtucker) [openbsd-compat/fake-rfc2553.h] Check for EAI_* defines individually and use a value less likely to collide with real values from netdb.h. Fixes compile warnings on FreeBSD 5.3. ok djm@ + - (dtucker) [openbsd-compat/fake-rfc2553.h] MAX_INT -> INT_MAX since the + latter is specified in the standard. 20050802 - (dtucker) OpenBSD CVS Sync @@ -2894,4 +2896,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3861 2005/08/03 00:57:15 dtucker Exp $ +$Id: ChangeLog,v 1.3862 2005/08/03 05:36:21 dtucker Exp $ diff --git a/openbsd-compat/fake-rfc2553.h b/openbsd-compat/fake-rfc2553.h index 24a34d17a..cbcf7f727 100644 --- a/openbsd-compat/fake-rfc2553.h +++ b/openbsd-compat/fake-rfc2553.h @@ -1,4 +1,4 @@ -/* $Id: fake-rfc2553.h,v 1.11 2005/08/03 00:57:15 dtucker Exp $ */ +/* $Id: fake-rfc2553.h,v 1.12 2005/08/03 05:36:21 dtucker Exp $ */ /* * Copyright (C) 2000-2003 Damien Miller. All rights reserved. 
@@ -114,16 +114,16 @@ struct sockaddr_in6 { #endif /* !NI_MAXHOST */ #ifndef EAI_NODATA -# define EAI_NODATA (MAX_INT - 1) +# define EAI_NODATA (INT_MAX - 1) #endif #ifndef EAI_MEMORY -# define EAI_MEMORY (MAX_INT - 2) +# define EAI_MEMORY (INT_MAX - 2) #endif #ifndef EAI_NONAME -# define EAI_NONAME (MAX_INT - 3) +# define EAI_NONAME (INT_MAX - 3) #endif #ifndef EAI_SYSTEM -# define EAI_SYSTEM (MAX_INT - 4) +# define EAI_SYSTEM (INT_MAX - 4) #endif #ifndef HAVE_STRUCT_ADDRINFO -- cgit v1.2.3 From 73f671a0902163c342ec5f1948f7fdad6905adee Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Wed, 10 Aug 2005 21:52:36 +1000 Subject: - (dtucker) [LICENCE configure.ac defines.h openbsd-compat/realpath.c] Sync current (thread-safe) version of realpath.c from OpenBSD (which is in turn based on FreeBSD's). ok djm@ --- ChangeLog | 5 +- LICENCE | 1 + configure.ac | 3 +- defines.h | 6 +- openbsd-compat/realpath.c | 266 ++++++++++++++++++++++------------------------ 5 files changed, 140 insertions(+), 141 deletions(-) (limited to 'openbsd-compat') diff --git a/ChangeLog b/ChangeLog index 37539b728..f62f121df 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,9 @@ 20050810 - (dtucker) [configure.ac] Test libedit library and headers for compatibility. Report from skeleten AT shillest.net, ok djm@ + - (dtucker) [LICENCE configure.ac defines.h openbsd-compat/realpath.c] + Sync current (thread-safe) version of realpath.c from OpenBSD (which is + in turn based on FreeBSD's). ok djm@ 20050809 - (tim) [configure.ac] Allow --with-audit=no. OK dtucker@ @@ -2904,4 +2907,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3864 2005/08/10 10:34:15 dtucker Exp $ +$Id: ChangeLog,v 1.3865 2005/08/10 11:52:36 dtucker Exp $ diff --git a/LICENCE b/LICENCE index ae03eb3a7..5def839e5 100644 --- a/LICENCE +++ b/LICENCE 
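Review bot: `INT_MAX` in the EAI_* fallbacks of fake-rfc2553.h is defined only after <limits.h> has been included, and this header's own includes are outside the hunk. If it relies on includes.h for that, a short comment saying so, or an explicit `#include <limits.h>` near the top, would keep the fallbacks from expanding to an undeclared identifier at the first use site on a platform where the include order differs.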
@@ -255,6 +255,7 @@ OpenSSH contains no GPL code. Damien Miller Eric P. Allman The Regents of the University of California + Constantin S. Svintsoff * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions diff --git a/configure.ac b/configure.ac index 60dbd0c34..a62ee8c43 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.284 2005/08/10 10:34:15 dtucker Exp $ +# $Id: configure.ac,v 1.285 2005/08/10 11:52:36 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -1085,7 +1085,6 @@ AC_CHECK_FUNCS( \ clock \ closefrom \ dirfd \ - fchdir \ fchmod \ fchown \ freeaddrinfo \ diff --git a/defines.h b/defines.h index f7029abb4..39d18e3d3 100644 --- a/defines.h +++ b/defines.h @@ -25,7 +25,7 @@ #ifndef _DEFINES_H #define _DEFINES_H -/* $Id: defines.h,v 1.122 2005/07/14 07:22:11 dtucker Exp $ */ +/* $Id: defines.h,v 1.123 2005/08/10 11:52:36 dtucker Exp $ */ /* Constants */ @@ -62,6 +62,10 @@ enum # endif /* PATH_MAX */ #endif /* MAXPATHLEN */ +#ifndef MAXSYMLINKS +# define MAXSYMLINKS 5 +#endif + #ifndef STDIN_FILENO # define STDIN_FILENO 0 #endif diff --git a/openbsd-compat/realpath.c b/openbsd-compat/realpath.c index 7f73bd998..8430bec24 100644 --- a/openbsd-compat/realpath.c +++ b/openbsd-compat/realpath.c @@ -1,11 +1,7 @@ /* OPENBSD ORIGINAL: lib/libc/stdlib/realpath.c */ /* - * Copyright (c) 1994 - * The Regents of the University of California. All rights reserved. - * - * This code is derived from software contributed to Berkeley by - * Jan-Simon Pendry. + * Copyright (c) 2003 Constantin S. Svintsoff * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions 
@@ -15,14 +11,14 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * 3. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. The names of the authors may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
@@ -36,169 +32,165 @@ #if !defined(HAVE_REALPATH) || defined(BROKEN_REALPATH) -#if defined(LIBC_SCCS) && !defined(lint) -static char *rcsid = "$OpenBSD: realpath.c,v 1.11 2004/11/30 15:12:59 millert Exp $"; -#endif /* LIBC_SCCS and not lint */ - #include #include #include -#include #include #include #include /* - * MAXSYMLINKS - */ -#ifndef MAXSYMLINKS -#define MAXSYMLINKS 5 -#endif - -/* - * char *realpath(const char *path, char resolved_path[MAXPATHLEN]); + * char *realpath(const char *path, char resolved[PATH_MAX]); * * Find the real name of path, by removing all ".", ".." and symlink * components. Returns (resolved) on success, or (NULL) on failure, * in which case the path which caused trouble is left in (resolved). */ char * -realpath(const char *path, char *resolved) +realpath(const char *path, char resolved[PATH_MAX]) { struct stat sb; - int fd, n, needslash, serrno; - char *p, *q, wbuf[MAXPATHLEN]; - int symlinks = 0; - - /* Save the starting point. */ -#ifndef HAVE_FCHDIR - char start[MAXPATHLEN]; - /* this is potentially racy but without fchdir we have no option */ - if (getcwd(start, sizeof(start)) == NULL) { - resolved[0] = '.'; + char *p, *q, *s; + size_t left_len, resolved_len; + unsigned symlinks; + int serrno, slen; + char left[PATH_MAX], next_token[PATH_MAX], symlink[PATH_MAX]; + + serrno = errno; + symlinks = 0; + if (path[0] == '/') { + resolved[0] = '/'; resolved[1] = '\0'; - return (NULL); + if (path[1] == '\0') + return (resolved); + resolved_len = 1; + left_len = strlcpy(left, path + 1, sizeof(left)); + } else { + if (getcwd(resolved, PATH_MAX) == NULL) { + strlcpy(resolved, ".", PATH_MAX); + return (NULL); + } + resolved_len = strlen(resolved); + left_len = strlcpy(left, path, sizeof(left)); } -#endif - if ((fd = open(".", O_RDONLY)) < 0) { - resolved[0] = '.'; - resolved[1] = '\0'; + if (left_len >= sizeof(left) || resolved_len >= PATH_MAX) { + errno = ENAMETOOLONG; return (NULL); } - /* Convert "." 
-> "" to optimize away a needless lstat() and chdir() */ - if (path[0] == '.' && path[1] == '\0') - path = ""; - /* - * Find the dirname and basename from the path to be resolved. - * Change directory to the dirname component. - * lstat the basename part. - * if it is a symlink, read in the value and loop. - * if it is a directory, then change to that directory. - * get the current directory name and append the basename. + * Iterate over path components in `left'. */ - if (strlcpy(resolved, path, MAXPATHLEN) >= MAXPATHLEN) { - serrno = ENAMETOOLONG; - goto err2; - } -loop: - q = strrchr(resolved, '/'); - if (q != NULL) { - p = q + 1; - if (q == resolved) - q = "/"; - else { - do { - --q; - } while (q > resolved && *q == '/'); - q[1] = '\0'; - q = resolved; + while (left_len != 0) { + /* + * Extract the next path component and adjust `left' + * and its length. + */ + p = strchr(left, '/'); + s = p ? p : left + left_len; + if (s - left >= sizeof(next_token)) { + errno = ENAMETOOLONG; + return (NULL); } - if (chdir(q) < 0) - goto err1; - } else - p = resolved; - - /* Deal with the last component. 
*/ - if (*p != '\0' && lstat(p, &sb) == 0) { - if (S_ISLNK(sb.st_mode)) { - if (++symlinks > MAXSYMLINKS) { - errno = ELOOP; - goto err1; + memcpy(next_token, left, s - left); + next_token[s - left] = '\0'; + left_len -= s - left; + if (p != NULL) + memmove(left, s + 1, left_len + 1); + if (resolved[resolved_len - 1] != '/') { + if (resolved_len + 1 >= PATH_MAX) { + errno = ENAMETOOLONG; + return (NULL); } - if ((n = readlink(p, resolved, MAXPATHLEN-1)) < 0) - goto err1; - resolved[n] = '\0'; - goto loop; + resolved[resolved_len++] = '/'; + resolved[resolved_len] = '\0'; } - if (S_ISDIR(sb.st_mode)) { - if (chdir(p) < 0) - goto err1; - p = ""; + if (next_token[0] == '\0') + continue; + else if (strcmp(next_token, ".") == 0) + continue; + else if (strcmp(next_token, "..") == 0) { + /* + * Strip the last path component except when we have + * single "/" + */ + if (resolved_len > 1) { + resolved[resolved_len - 1] = '\0'; + q = strrchr(resolved, '/') + 1; + *q = '\0'; + resolved_len = q - resolved; + } + continue; } - } - - /* - * Save the last component name and get the full pathname of - * the current directory. - */ - if (strlcpy(wbuf, p, sizeof(wbuf)) >= sizeof(wbuf)) { - errno = ENAMETOOLONG; - goto err1; - } - if (getcwd(resolved, MAXPATHLEN) == NULL) - goto err1; - - /* - * Join the two strings together, ensuring that the right thing - * happens if the last component is empty, or the dirname is root. - */ - if (resolved[0] == '/' && resolved[1] == '\0') - needslash = 0; - else - needslash = 1; - if (*wbuf) { - if (strlen(resolved) + strlen(wbuf) + needslash >= MAXPATHLEN) { + /* + * Append the next path component and lstat() it. If + * lstat() fails we still can return successfully if + * there are no more path components left. 
+ */ + resolved_len = strlcat(resolved, next_token, PATH_MAX); + if (resolved_len >= PATH_MAX) { errno = ENAMETOOLONG; - goto err1; + return (NULL); } - if (needslash) { - if (strlcat(resolved, "/", MAXPATHLEN) >= MAXPATHLEN) { - errno = ENAMETOOLONG; - goto err1; + if (lstat(resolved, &sb) != 0) { + if (errno == ENOENT && p == NULL) { + errno = serrno; + return (resolved); } + return (NULL); } - if (strlcat(resolved, wbuf, MAXPATHLEN) >= MAXPATHLEN) { - errno = ENAMETOOLONG; - goto err1; - } - } + if (S_ISLNK(sb.st_mode)) { + if (symlinks++ > MAXSYMLINKS) { + errno = ELOOP; + return (NULL); + } + slen = readlink(resolved, symlink, sizeof(symlink) - 1); + if (slen < 0) + return (NULL); + symlink[slen] = '\0'; + if (symlink[0] == '/') { + resolved[1] = 0; + resolved_len = 1; + } else if (resolved_len > 1) { + /* Strip the last path component. */ + resolved[resolved_len - 1] = '\0'; + q = strrchr(resolved, '/') + 1; + *q = '\0'; + resolved_len = q - resolved; + } - /* Go back to where we came from. */ -#ifdef HAVE_FCHDIR - if (fchdir(fd) < 0) { -#else - if (chdir(start) < 0) { -#endif - serrno = errno; - goto err2; + /* + * If there are any path components left, then + * append them to symlink. The result is placed + * in `left'. + */ + if (p != NULL) { + if (symlink[slen - 1] != '/') { + if (slen + 1 >= sizeof(symlink)) { + errno = ENAMETOOLONG; + return (NULL); + } + symlink[slen] = '/'; + symlink[slen + 1] = 0; + } + left_len = strlcat(symlink, left, sizeof(left)); + if (left_len >= sizeof(left)) { + errno = ENAMETOOLONG; + return (NULL); + } + } + left_len = strlcpy(left, symlink, sizeof(left)); + } } - /* It's okay if the close fails, what's an fd more or less? */ - (void)close(fd); + /* + * Remove trailing slash except when the resolved pathname + * is a single "/". 
+ */ + if (resolved_len > 1 && resolved[resolved_len - 1] == '/') + resolved[resolved_len - 1] = '\0'; return (resolved); - -err1: serrno = errno; -#ifdef HAVE_FCHDIR - (void)fchdir(fd); -#else - chdir(start); -#endif -err2: (void)close(fd); - errno = serrno; - return (NULL); } #endif /* !defined(HAVE_REALPATH) || defined(BROKEN_REALPATH) */ -- cgit v1.2.3 From 2291c00ab2aef934391c23227645121719df4c4b Mon Sep 17 00:00:00 2001 From: Tim Rice Date: Fri, 26 Aug 2005 13:15:19 -0700 Subject: - (tim) [CREDITS LICENCE auth.c configure.ac defines.h includes.h session.c openbsd-compat/Makefile.in openbsd-compat/openbsd-compat.h openbsd-compat/xcrypt.c] New files [openssh/openbsd-compat/port-uw.c openssh/openbsd-compat/port-uw.h] Support long passwords (> 8-char) on UnixWare 7 from Dhiraj Gulati and Ahsan Rashid. Cleanup and testing by tim@. Feedback and OK dtucker@ --- CREDITS | 4 +- ChangeLog | 10 +++- LICENCE | 1 + auth.c | 4 ++ configure.ac | 6 ++- defines.h | 6 ++- includes.h | 4 ++ openbsd-compat/Makefile.in | 4 +- openbsd-compat/openbsd-compat.h | 3 +- openbsd-compat/port-uw.c | 115 ++++++++++++++++++++++++++++++++++++++++ openbsd-compat/port-uw.h | 30 +++++++++++ openbsd-compat/xcrypt.c | 4 ++ session.c | 5 ++ 13 files changed, 189 insertions(+), 7 deletions(-) create mode 100644 openbsd-compat/port-uw.c create mode 100644 openbsd-compat/port-uw.h (limited to 'openbsd-compat') diff --git a/CREDITS b/CREDITS index 2a77b8729..82b9f2210 100644 --- a/CREDITS +++ b/CREDITS @@ -3,6 +3,7 @@ Tatu Ylonen - Creator of SSH Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo de Raadt, and Dug Song - Creators of OpenSSH +Ahsan Rashid - UnixWare long passwords Alain St-Denis - Irix fix Alexandre Oliva - AIX fixes Andre Lucas - new login code, many fixes 
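Review bot: In the symlink branch of the new realpath(), `symlink[slen - 1]` is read after a check that rejects only `slen < 0`, so a readlink() result of 0 (an empty link target, which some systems permit) reads one byte before the buffer. Rejecting it up front closes that: `if (slen <= 0) { if (slen == 0) errno = ENOENT; return (NULL); }`. The loop guard `if (symlinks++ > MAXSYMLINKS)` also lets one more link through than the `++symlinks > MAXSYMLINKS` test it replaces; use the pre-increment form if the limit is meant to stay the same. The comparisons `s - left >= sizeof(next_token)` and `slen + 1 >= sizeof(symlink)` mix signed and unsigned operands and will warn under -Wsign-compare.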
@@ -32,6 +33,7 @@ David Del Piero - bug fixes David Hesprich - Configure fixes David Rankin - libwrap, AIX, NetBSD fixes Dag-Erling Smørgrav - Challenge-Response PAM code. +Dhiraj Gulati - UnixWare long passwords Ed Eden - configure fixes Garrick James - configure fixes Gary E. Miller - SCO support @@ -98,5 +100,5 @@ Apologies to anyone I have missed. Damien Miller -$Id: CREDITS,v 1.79 2004/05/26 23:59:31 dtucker Exp $ +$Id: CREDITS,v 1.80 2005/08/26 20:15:20 tim Exp $ diff --git a/ChangeLog b/ChangeLog index 5c9182c23..d0ef8312e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,11 @@ +20050826 + - (tim) [CREDITS LICENCE auth.c configure.ac defines.h includes.h session.c + openbsd-compat/Makefile.in openbsd-compat/openbsd-compat.h + openbsd-compat/xcrypt.c] New files [openssh/openbsd-compat/port-uw.c + openssh/openbsd-compat/port-uw.h] Support long passwords (> 8-char) + on UnixWare 7 from Dhiraj Gulati and Ahsan Rashid. Cleanup and testing + by tim@. Feedback and OK dtucker@ + 20050823 - (dtucker) [regress/test-exec.sh] Do not prepend an extra "/" to a fully- qualified sshd pathname since some systems (eg Cygwin) may consider "/foo" @@ -2953,4 +2961,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3878 2005/08/24 00:18:21 tim Exp $ +$Id: ChangeLog,v 1.3879 2005/08/26 20:15:19 tim Exp $ diff --git a/LICENCE b/LICENCE index 5def839e5..ac3634f22 100644 --- a/LICENCE +++ b/LICENCE @@ -204,6 +204,7 @@ OpenSSH contains no GPL code. William Jones Darren Tucker Sun Microsystems + The SCO Group * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions diff --git a/auth.c b/auth.c index 82fe8f06b..d62d8ff22 100644 --- a/auth.c +++ b/auth.c 
@@ -97,7 +97,11 @@ allowed_user(struct passwd * pw) /* grab passwd field for locked account check */ #ifdef USE_SHADOW if (spw != NULL) +#ifdef HAVE_LIBIAF + passwd = get_iaf_password(pw); +#else passwd = spw->sp_pwdp; +#endif /* HAVE_LIBIAF */ #else passwd = pw->pw_passwd; #endif diff --git a/configure.ac b/configure.ac index f1588c693..c9c8218d3 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.288 2005/08/24 00:11:26 tim Exp $ +# $Id: configure.ac,v 1.289 2005/08/26 20:15:20 tim Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -446,6 +446,8 @@ mips-sony-bsd|mips-sony-newsos4) ;; # UnixWare 7.x, OpenUNIX 8 *-*-sysv5*) + check_for_libcrypt_later=1 + AC_DEFINE(UNIXWARE_LONG_PASSWORDS, 1, [Support passwords > 8 chars]) AC_DEFINE(USE_PIPES) AC_DEFINE(SETEUID_BREAKS_SETUID) AC_DEFINE(BROKEN_SETREUID) @@ -643,6 +645,7 @@ AC_CHECK_HEADERS( \ getopt.h \ glob.h \ ia.h \ + iaf.h \ lastlog.h \ limits.h \ login.h \ @@ -1721,6 +1724,7 @@ if test "x$check_for_libcrypt_later" = "x1"; then AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt") fi +AC_CHECK_LIB(iaf, ia_openinfo) ### Configure cryptographic random number support diff --git a/defines.h b/defines.h index 670fc3fe5..8d3617d06 100644 --- a/defines.h +++ b/defines.h @@ -25,7 +25,7 @@ #ifndef _DEFINES_H #define _DEFINES_H -/* $Id: defines.h,v 1.125 2005/08/24 00:18:21 tim Exp $ */ +/* $Id: defines.h,v 1.126 2005/08/26 20:15:20 tim Exp $ */ /* Constants */ @@ -688,6 +688,10 @@ struct winsize { # define CUSTOM_SYS_AUTH_PASSWD 1 #endif +#ifdef UNIXWARE_LONG_PASSWORDS +# define CUSTOM_SYS_AUTH_PASSWD 1 +#endif + /* HP-UX 11.11 */ #ifdef BTMP_FILE # define _PATH_BTMP BTMP_FILE diff --git a/includes.h b/includes.h index 9408fec9a..fa65aa38d 100644 --- a/includes.h +++ b/includes.h @@ -169,6 +169,10 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "\100(#)" msg } # include #endif +#ifdef HAVE_IAF_H +# include +#endif + #ifdef HAVE_TMPDIR_H # include #endif 
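Review bot: In allowed_user() the HAVE_LIBIAF branch assigns the result of `get_iaf_password(pw)` to `passwd` with no indication of who owns that string. The implementation added in port-uw.c returns the pointer filled in by ia_get_logpwd() after calling ia_closeinfo(), so either the caller must free it or it may not outlive the closed handle; which applies is not visible in this diff and should be documented at the declaration, for example `/* returns an allocated hash; caller frees */` if that is the contract. get_iaf_password() also calls fatal() when the lookup fails, so an IAF error here ends the session instead of refusing the login. allowed_user continues outside the hunk.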
diff --git a/openbsd-compat/Makefile.in b/openbsd-compat/Makefile.in index c6e08867c..6f5ee2845 100644 --- a/openbsd-compat/Makefile.in +++ b/openbsd-compat/Makefile.in @@ -1,4 +1,4 @@ -# $Id: Makefile.in,v 1.34 2005/06/09 11:45:11 dtucker Exp $ +# $Id: Makefile.in,v 1.35 2005/08/26 20:15:20 tim Exp $ sysconfdir=@sysconfdir@ piddir=@piddir@ @@ -20,7 +20,7 @@ OPENBSD=base64.o basename.o bindresvport.o daemon.o dirname.o getcwd.o getgroupl COMPAT=bsd-arc4random.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-snprintf.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o -PORTS=port-irix.o port-aix.o +PORTS=port-irix.o port-aix.o port-uw.o .c.o: $(CC) $(CFLAGS) $(CPPFLAGS) -c $< diff --git a/openbsd-compat/openbsd-compat.h b/openbsd-compat/openbsd-compat.h index e66f5ec55..ba68bc27e 100644 --- a/openbsd-compat/openbsd-compat.h +++ b/openbsd-compat/openbsd-compat.h @@ -1,4 +1,4 @@ -/* $Id: openbsd-compat.h,v 1.29 2005/06/17 11:15:21 dtucker Exp $ */ +/* $Id: openbsd-compat.h,v 1.30 2005/08/26 20:15:20 tim Exp $ */ /* * Copyright (c) 1999-2003 Damien Miller. All rights reserved. @@ -173,5 +173,6 @@ char *shadow_pw(struct passwd *pw); #include "bsd-cygwin_util.h" #include "port-irix.h" #include "port-aix.h" +#include "port-uw.h" #endif /* _OPENBSD_COMPAT_H */ diff --git a/openbsd-compat/port-uw.c b/openbsd-compat/port-uw.c new file mode 100644 index 000000000..cbc3f686b --- /dev/null +++ b/openbsd-compat/port-uw.c 
@@ -0,0 +1,115 @@ +/* + * Copyright (c) 2005 The SCO Group. All rights reserved. + * Copyright (c) 2005 Tim Rice. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include "includes.h" + +#ifdef UNIXWARE_LONG_PASSWORDS +#ifdef HAVE_CRYPT_H +#include +#endif +#include "packet.h" +#include "buffer.h" +#include "log.h" +#include "servconf.h" +#include "auth.h" +#include "auth-options.h" + +int nischeck(char *); + +int +sys_auth_passwd(Authctxt *authctxt, const char *password) +{ + struct passwd *pw = authctxt->pw; + char *encrypted_password; + char *salt; + + /* Just use the supplied fake password if authctxt is invalid */ + char *pw_password = authctxt->valid ? shadow_pw(pw) : pw->pw_passwd; + + /* Check for users with no password. 
*/ + if (strcmp(pw_password, "") == 0 && strcmp(password, "") == 0) + return (1); + + salt = (pw_password[0] && pw_password[1]) ? pw_password : "xx"; + if (nischeck(pw->pw_name)) + return(strcmp(crypt(password, salt), pw_password) == 0); + else + return(strcmp(bigcrypt(password, salt), pw_password) == 0); +} + +int +nischeck(char *namep) +{ + char password_file[] = "/etc/passwd"; + FILE *fd; + struct passwd *ent = NULL; + + if ((fd = fopen (password_file, "r")) == NULL) { + /* + * If the passwd file has dissapeared we are in a bad state. + * However, returning 0 will send us back through the + * authentication scheme that has checked the ia database for + * passwords earlier. + */ + return(0); + } + + /* + * fgetpwent() only reads from password file, so we know for certain + * that the user is local. + */ + while (ent = fgetpwent(fd)) { + if (strcmp (ent->pw_name, namep) == 0) { + /* Local user */ + fclose (fd); + return(0); + } + } + + fclose (fd); + return (1); +} + +#endif /* UNIXWARE_LONG_PASSWORDS */ + +#ifdef HAVE_LIBIAF +char * +get_iaf_password(struct passwd *pw) +{ + char *pw_password = NULL; + + uinfo_t uinfo; + if (!ia_openinfo(pw->pw_name,&uinfo)) { + ia_get_logpwd(uinfo, &pw_password); + if (pw_password == NULL) + fatal("Unable to get the shadow passwd"); + ia_closeinfo(uinfo); + return pw_password; + } + else + fatal("Unable to open the shadow passwd file"); +} +#endif /* HAVE_LIBIAF */ + diff --git a/openbsd-compat/port-uw.h b/openbsd-compat/port-uw.h new file mode 100644 index 000000000..f16bb5e5c --- /dev/null +++ b/openbsd-compat/port-uw.h 
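Review bot: In sys_auth_passwd() the results of `crypt()` and `bigcrypt()` go straight into `strcmp()`, and `crypt()` is allowed to return NULL on failure, which would crash the process handling the login attempt on a NULL dereference. The declared but unused `encrypted_password` could hold the result so it can be checked, e.g. `encrypted_password = nischeck(pw->pw_name) ? crypt(password, salt) : bigcrypt(password, salt);` followed by `return (encrypted_password != NULL && strcmp(encrypted_password, pw_password) == 0);`. Whether `bigcrypt()` can also return NULL on this platform is not shown here, so the check is worth applying to both calls. The same unchecked `strcmp(encrypted_password, pw_password)` is still present in the rewrite of this function in the follow-up commit's `@@ -52,13 +53,27 @@` hunk.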
@@ -0,0 +1,30 @@ +/* + * Copyright (c) 2005 Tim Rice. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include "includes.h" + +#ifdef HAVE_LIBIAF +char * get_iaf_password(struct passwd *pw); +#endif /* HAVE_LIBIAF */ + diff --git a/openbsd-compat/xcrypt.c b/openbsd-compat/xcrypt.c index c3cea3c86..453203270 100644 --- a/openbsd-compat/xcrypt.c +++ b/openbsd-compat/xcrypt.c @@ -91,7 +91,11 @@ shadow_pw(struct passwd *pw) struct spwd *spw = getspnam(pw->pw_name); if (spw != NULL) +#ifdef HAVE_LIBIAF + pw_password = get_iaf_password(pw); +#else pw_password = spw->sp_pwdp; +#endif /* HAVE_LIBIAF */ # endif # if defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW) struct passwd_adjunct *spw; 
diff --git a/session.c b/session.c index 95084aec6..98bd3121c 100644 --- a/session.c +++ b/session.c @@ -1334,6 +1334,11 @@ do_setusercontext(struct passwd *pw) # ifdef _AIX aix_usrinfo(pw); # endif /* _AIX */ +# ifdef HAVE_LIBIAF + if (set_id(pw->pw_name) != 0) { + exit(1); + } +# endif /* Permanently switch to the desired uid. */ permanently_set_uid(pw); #endif -- cgit v1.2.3 From 66fd217e8e57f0c86179d77dc14e42efd3098320 Mon Sep 17 00:00:00 2001 From: Tim Rice Date: Wed, 31 Aug 2005 09:59:49 -0700 Subject: - (tim) [configure.ac auth.c defines.h session.c openbsd-compat/port-uw.c openbsd-compat/port-uw.h openbsd-compat/xcrypt.c] libiaf cleanup. Disable libiaf bits for OpenServer6. Free memory allocated by ia_get_logpwd(). Feedback and OK dtucker@ --- ChangeLog | 8 ++++++-- auth.c | 7 +++++-- configure.ac | 3 ++- defines.h | 4 ++-- openbsd-compat/port-uw.c | 35 +++++++++++++++++++++++++++-------- openbsd-compat/port-uw.h | 4 ++-- openbsd-compat/xcrypt.c | 9 +++++---- session.c | 4 ++-- 8 files changed, 51 insertions(+), 23 deletions(-) (limited to 'openbsd-compat') diff --git a/ChangeLog b/ChangeLog index 139934ca1..8f3ffeda0 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,4 +1,4 @@ -20050830 +20050831 - (djm) OpenBSD CVS Sync - djm@cvs.openbsd.org 2005/08/30 22:08:05 [gss-serv.c sshconnect2.c] @@ -11,6 +11,10 @@ [version.h] 4.2 - (dtucker) [README] Update release note URL to 4.2 + - (tim) [configure.ac auth.c defines.h session.c openbsd-compat/port-uw.c + openbsd-compat/port-uw.h openbsd-compat/xcrypt.c] libiaf cleanup. Disable + libiaf bits for OpenServer6. Free memory allocated by ia_get_logpwd(). + Feedback and OK dtucker@ 20050830 - (tim) [configure.ac] Back out last change. It needs to be done differently. 
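Review bot: The new `set_id()` failure branch in do_setusercontext() calls `exit(1)` without writing anything to the log, so a failed identity switch just before `permanently_set_uid(pw)` leaves no trace for an administrator or for detection rules. Logging the account name on the way out would fix that, e.g. `fatal("set_id(%.100s) failed", pw->pw_name);` in place of `exit(1);`. The later commit's session.c hunk only changes the preprocessor guard around this branch, so the same point applies there. do_setusercontext() starts and ends outside the hunk.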
@@ -2982,4 +2986,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3885 2005/08/31 14:05:56 dtucker Exp $ +$Id: ChangeLog,v 1.3886 2005/08/31 16:59:49 tim Exp $ diff --git a/auth.c b/auth.c index d62d8ff22..2dc5c2be6 100644 --- a/auth.c +++ b/auth.c @@ -97,11 +97,11 @@ allowed_user(struct passwd * pw) /* grab passwd field for locked account check */ #ifdef USE_SHADOW if (spw != NULL) -#ifdef HAVE_LIBIAF +#if defined(HAVE_LIBIAF) && !defined(BROKEN_LIBIAF) passwd = get_iaf_password(pw); #else passwd = spw->sp_pwdp; -#endif /* HAVE_LIBIAF */ +#endif /* HAVE_LIBIAF && !BROKEN_LIBIAF */ #else passwd = pw->pw_passwd; #endif @@ -123,6 +123,9 @@ allowed_user(struct passwd * pw) if (strstr(passwd, LOCKED_PASSWD_SUBSTR)) locked = 1; #endif +#if defined(HAVE_LIBIAF) && !defined(BROKEN_LIBIAF) + free(passwd); +#endif /* HAVE_LIBIAF && !BROKEN_LIBIAF */ if (locked) { logit("User %.100s not allowed because account is locked", pw->pw_name); diff --git a/configure.ac b/configure.ac index 2834c5802..1e4df2e33 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.291 2005/08/30 14:12:02 tim Exp $ +# $Id: configure.ac,v 1.292 2005/08/31 16:59:49 tim Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -456,6 +456,7 @@ mips-sony-bsd|mips-sony-newsos4) case "$host" in *-*-sysv5SCO_SV*) # SCO OpenServer 6.x TEST_SHELL=/u95/bin/sh + AC_DEFINE(BROKEN_LIBIAF, 1, [ia_uinfo routines not supported by OS yet]) ;; esac ;; diff --git a/defines.h b/defines.h index 8d3617d06..408b988b5 100644 --- a/defines.h +++ b/defines.h @@ -25,7 +25,7 @@ #ifndef _DEFINES_H #define _DEFINES_H -/* $Id: defines.h,v 1.126 2005/08/26 20:15:20 tim Exp $ */ +/* $Id: defines.h,v 1.127 2005/08/31 16:59:49 tim Exp $ */ /* Constants */ 
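Review bot: The `free(passwd)` added in the second auth.c hunk is guarded only by `HAVE_LIBIAF && !BROKEN_LIBIAF`, while the first hunk assigns the `get_iaf_password()` result only inside `#ifdef USE_SHADOW` and only when `spw != NULL`; in the `#else` branch `passwd` is `pw->pw_passwd`, which must not be passed to `free()`. If a libiaf build without USE_SHADOW is possible (the configure logic for that is not visible here), this frees memory that ia_get_logpwd() did not allocate. Using the same condition on both sides, `#if defined(USE_SHADOW) && defined(HAVE_LIBIAF) && !defined(BROKEN_LIBIAF)` around `free(passwd);`, keeps the allocation and the release paired. allowed_user() continues outside both hunks, so how `passwd` is initialised when `spw` is NULL cannot be confirmed from here.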
@@ -688,7 +688,7 @@ struct winsize { # define CUSTOM_SYS_AUTH_PASSWD 1 #endif -#ifdef UNIXWARE_LONG_PASSWORDS +#if defined(HAVE_LIBIAF) && !defined(BROKEN_LIBIAF) # define CUSTOM_SYS_AUTH_PASSWD 1 #endif diff --git a/openbsd-compat/port-uw.c b/openbsd-compat/port-uw.c index cbc3f686b..d881ff028 100644 --- a/openbsd-compat/port-uw.c +++ b/openbsd-compat/port-uw.c @@ -25,7 +25,7 @@ #include "includes.h" -#ifdef UNIXWARE_LONG_PASSWORDS +#if defined(HAVE_LIBIAF) && !defined(BROKEN_LIBIAF) #ifdef HAVE_CRYPT_H #include #endif @@ -44,6 +44,7 @@ sys_auth_passwd(Authctxt *authctxt, const char *password) struct passwd *pw = authctxt->pw; char *encrypted_password; char *salt; + int result; /* Just use the supplied fake password if authctxt is invalid */ char *pw_password = authctxt->valid ? shadow_pw(pw) : pw->pw_passwd; @@ -52,13 +53,27 @@ sys_auth_passwd(Authctxt *authctxt, const char *password) if (strcmp(pw_password, "") == 0 && strcmp(password, "") == 0) return (1); + /* Encrypt the candidate password using the proper salt. */ salt = (pw_password[0] && pw_password[1]) ? pw_password : "xx"; - if (nischeck(pw->pw_name)) - return(strcmp(crypt(password, salt), pw_password) == 0); +#ifdef UNIXWARE_LONG_PASSWORDS + if (!nischeck(pw->pw_name)) + encrypted_password = bigcrypt(password, salt); else - return(strcmp(bigcrypt(password, salt), pw_password) == 0); +#endif /* UNIXWARE_LONG_PASSWORDS */ + encrypted_password = xcrypt(password, salt); + + /* + * Authentication is accepted if the encrypted passwords + * are identical. + */ + result = (strcmp(encrypted_password, pw_password) == 0); + + if (authctxt->valid) + free(pw_password); + return(result); } +#ifdef UNIXWARE_LONG_PASSWORDS int nischeck(char *namep) { @@ -94,7 +109,11 @@ nischeck(char *namep) #endif /* UNIXWARE_LONG_PASSWORDS */ -#ifdef HAVE_LIBIAF +/* + NOTE: ia_get_logpwd() allocates memory for arg 2 + functions that call shadow_pw() will need to free + */ + char * get_iaf_password(struct passwd *pw) { 
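Review bot: In the `@@ -52,13 +53,27 @@` hunk of sys_auth_passwd() the empty-password check still does `return (1);` before the new `free(pw_password)`, so the buffer obtained through shadow_pw() is released on the normal path only. Routing that branch through the same exit, `{ result = 1; goto out; }` with an `out:` label placed in front of `if (authctxt->valid)`, gives one place where the copy of the stored hash is released. The `else` that straddles `#endif /* UNIXWARE_LONG_PASSWORDS */` would also read more safely with braces around both assignments to `encrypted_password`.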
@@ -104,12 +123,12 @@ get_iaf_password(struct passwd *pw) if (!ia_openinfo(pw->pw_name,&uinfo)) { ia_get_logpwd(uinfo, &pw_password); if (pw_password == NULL) - fatal("Unable to get the shadow passwd"); + fatal("ia_get_logpwd: Unable to get the shadow passwd"); ia_closeinfo(uinfo); return pw_password; } else - fatal("Unable to open the shadow passwd file"); + fatal("ia_openinfo: Unable to open the shadow passwd file"); } -#endif /* HAVE_LIBIAF */ +#endif /* HAVE_LIBIAF && !BROKEN_LIBIAF */ diff --git a/openbsd-compat/port-uw.h b/openbsd-compat/port-uw.h index f16bb5e5c..3589b2e44 100644 --- a/openbsd-compat/port-uw.h +++ b/openbsd-compat/port-uw.h @@ -24,7 +24,7 @@ #include "includes.h" -#ifdef HAVE_LIBIAF +#if defined(HAVE_LIBIAF) && !defined(BROKEN_LIBIAF) char * get_iaf_password(struct passwd *pw); -#endif /* HAVE_LIBIAF */ +#endif diff --git a/openbsd-compat/xcrypt.c b/openbsd-compat/xcrypt.c index 453203270..9afa0b9f2 100644 --- a/openbsd-compat/xcrypt.c +++ b/openbsd-compat/xcrypt.c @@ -91,12 +91,13 @@ shadow_pw(struct passwd *pw) struct spwd *spw = getspnam(pw->pw_name); if (spw != NULL) -#ifdef HAVE_LIBIAF - pw_password = get_iaf_password(pw); -#else pw_password = spw->sp_pwdp; -#endif /* HAVE_LIBIAF */ # endif + +#if defined(HAVE_LIBIAF) && !defined(BROKEN_LIBIAF) + return(get_iaf_password(pw)); +#endif + # if defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW) struct passwd_adjunct *spw; if (issecure() && (spw = getpwanam(pw->pw_name)) != NULL) diff --git a/session.c b/session.c index 98bd3121c..db8722f47 100644 --- a/session.c +++ b/session.c @@ -1334,11 +1334,11 @@ do_setusercontext(struct passwd *pw) # ifdef _AIX aix_usrinfo(pw); # endif /* _AIX */ -# ifdef HAVE_LIBIAF +#if defined(HAVE_LIBIAF) && !defined(BROKEN_LIBIAF) if (set_id(pw->pw_name) != 0) { exit(1); } -# endif +#endif /* HAVE_LIBIAF && !BROKEN_LIBIAF */ /* Permanently switch to the desired uid. */ permanently_set_uid(pw); #endif -- cgit v1.2.3
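Review bot: shadow_pw() in xcrypt.c now returns memory the caller must free on libiaf builds (`return(get_iaf_password(pw));`) and, as far as this hunk shows, a borrowed pointer such as `spw->sp_pwdp` on other builds, but that contract is written down only in a comment in port-uw.c. A comment directly above shadow_pw() would make it visible to callers, for example `/* On HAVE_LIBIAF builds the result is allocated by ia_get_logpwd() and the caller frees it; on other builds it is borrowed and must not be freed. */`. The early return also leaves the `getspnam()` lookup above it unused and the `HAVE_GETPWANAM` block below it unreachable in that configuration, so an `#if`/`#else` around the alternatives may be clearer. shadow_pw() starts and ends outside the hunk.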