From 4d6656b1030c2090f8769ce9cce0a9e5dd135945 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sat, 24 Oct 2009 15:04:12 +1100 Subject: - (dtucker) [session.c openbsd-compat/port-linux.{c,h}] Bug #1637: if selinux is enabled set the security context to "sftpd_t" before running the internal sftp server Based on a patch from jchadima at redhat. --- openbsd-compat/port-linux.c | 37 ++++++++++++++++++++++++++++++++++++- openbsd-compat/port-linux.h | 3 ++- 2 files changed, 38 insertions(+), 2 deletions(-) (limited to 'openbsd-compat') diff --git a/openbsd-compat/port-linux.c b/openbsd-compat/port-linux.c index ad262758e..88c601e20 100644 --- a/openbsd-compat/port-linux.c +++ b/openbsd-compat/port-linux.c @@ -1,4 +1,4 @@ -/* $Id: port-linux.c,v 1.5 2008/03/26 20:27:21 dtucker Exp $ */ +/* $Id: port-linux.c,v 1.6 2009/10/24 04:04:13 dtucker Exp $ */ /* * Copyright (c) 2005 Daniel Walsh @@ -29,6 +29,7 @@ #ifdef WITH_SELINUX #include "log.h" +#include "xmalloc.h" #include "port-linux.h" #include 
@@ -168,4 +169,38 @@ ssh_selinux_setup_pty(char *pwname, const char *tty) freecon(user_ctx); debug3("%s: done", __func__); } + +void +ssh_selinux_change_context(const char *newname) +{ + int len, newlen; + char *oldctx, *newctx, *cx; + + if (!ssh_selinux_enabled()) + return; + + if (getcon((security_context_t *)&oldctx) < 0) { + logit("%s: getcon failed with %s", __func__, strerror (errno)); + return; + } + if ((cx = index(oldctx, ':')) == NULL || (cx = index(cx + 1, ':')) == + NULL) { + logit ("%s: unparseable context %s", __func__, oldctx); + return; + } + + newlen = strlen(oldctx) + strlen(newname) + 1; + newctx = xmalloc(newlen); + len = cx - oldctx + 1; + memcpy(newctx, oldctx, len); + strlcpy(newctx + len, newname, newlen - len); + if ((cx = index(cx + 1, ':'))) + strlcat(newctx, cx, newlen); + debug3("%s: setting context from '%s' to '%s'", __func__, oldctx, + newctx); + if (setcon(newctx) < 0) + logit("%s: setcon failed with %s", __func__, strerror (errno)); + xfree(oldctx); + xfree(newctx); +} #endif /* WITH_SELINUX */ diff --git a/openbsd-compat/port-linux.h b/openbsd-compat/port-linux.h index 5cd39bf83..6ad4a49f6 100644 --- a/openbsd-compat/port-linux.h +++ b/openbsd-compat/port-linux.h @@ -1,4 +1,4 @@ -/* $Id: port-linux.h,v 1.2 2008/03/26 20:27:21 dtucker Exp $ */ +/* $Id: port-linux.h,v 1.3 2009/10/24 04:04:13 dtucker Exp $ */ /* * Copyright (c) 2006 Damien Miller @@ -23,6 +23,7 @@ int ssh_selinux_enabled(void); void ssh_selinux_setup_pty(char *, const char *); void ssh_selinux_setup_exec_context(char *); +void ssh_selinux_change_context(const char *); #endif #endif /* ! _PORT_LINUX_H */ -- cgit v1.2.3 From c8802aac28470714ec204d00342f6ecbca45908f Mon Sep 17 00:00:00 2001 
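Review bot: A failed `setcon()` in `ssh_selinux_change_context` is only reported through `logit`, and because the function returns `void` the caller cannot tell that the process is still running in its original context, so the confinement this change adds fails open. Consider returning a status, or treating the failure as fatal when SELinux is enforcing, so the caller can decide whether to continue. Two smaller points in the same function: the "unparseable context" early return leaks `oldctx`, and `oldctx` is obtained from `getcon()`, so it should be released with `freecon(oldctx)` as the context lines above do for `user_ctx`, rather than with `xfree(oldctx)`.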
From: Darren Tucker Date: Tue, 8 Dec 2009 13:39:48 +1100 Subject: - (dtucker) Bug #1470: Disable OOM-killing of the listening sshd on Linux, based on a patch from Vaclav Ovsik and Colin Watson. ok djm. --- ChangeLog | 4 +++ configure.ac | 5 ++-- openbsd-compat/port-linux.c | 63 +++++++++++++++++++++++++++++++++++++++++++-- openbsd-compat/port-linux.h | 7 ++++- platform.c | 14 +++++++++- platform.h | 3 ++- sshd.c | 1 + 7 files changed, 90 insertions(+), 7 deletions(-) (limited to 'openbsd-compat') diff --git a/ChangeLog b/ChangeLog index 53d89c905..7f95697f4 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +20091208 + - (dtucker) Bug #1470: Disable OOM-killing of the listening sshd on Linux, + based on a patch from Vaclav Ovsik and Colin Watson. ok djm. + 20091207 - (dtucker) Bug #1160: use pkg-config for opensc config if it's available. Tested by Martin Paljak. diff --git a/configure.ac b/configure.ac index 88a248fb5..94f049fc6 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.431 2009/12/07 00:15:43 dtucker Exp $ +# $Id: configure.ac,v 1.432 2009/12/08 02:39:48 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.431 $) +AC_REVISION($Revision: 1.432 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -589,6 +589,7 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) if it doesn't return EOPNOTSUPP.]) AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts]) AC_DEFINE(USE_BTMP) + AC_DEFINE(LINUX_OOM_ADJUST, 1, [Adjust Linux out-of-memory killer]) inet6_default_4in6=yes case `uname -r` in 1.*|2.0.*) diff --git a/openbsd-compat/port-linux.c b/openbsd-compat/port-linux.c index 88c601e20..cda751dea 100644 --- a/openbsd-compat/port-linux.c +++ b/openbsd-compat/port-linux.c 
@@ -1,4 +1,4 @@ -/* $Id: port-linux.c,v 1.6 2009/10/24 04:04:13 dtucker Exp $ */ +/* $Id: port-linux.c,v 1.7 2009/12/08 02:39:48 dtucker Exp $ */ /* * Copyright (c) 2005 Daniel Walsh @@ -23,15 +23,17 @@ #include "includes.h" +#if defined(WITH_SELINUX) || defined(LINUX_OOM_ADJUST) #include #include #include +#include -#ifdef WITH_SELINUX #include "log.h" #include "xmalloc.h" #include "port-linux.h" +#ifdef WITH_SELINUX #include #include #include @@ -204,3 +206,60 @@ ssh_selinux_change_context(const char *newname) xfree(newctx); } #endif /* WITH_SELINUX */ + +#ifdef LINUX_OOM_ADJUST +#define OOM_ADJ_PATH "/proc/self/oom_adj" +/* + * The magic "don't kill me", as documented in eg: + * http://lxr.linux.no/#linux+v2.6.32/Documentation/filesystems/proc.txt + */ +#define OOM_ADJ_NOKILL -17 + +static int oom_adj_save = INT_MIN; + +/* + * Tell the kernel's out-of-memory killer to avoid sshd. + * Returns the previous oom_adj value or zero. + */ +void +oom_adjust_setup(void) +{ + FILE *fp; + + debug3("%s", __func__); + if ((fp = fopen(OOM_ADJ_PATH, "r+")) != NULL) { + if (fscanf(fp, "%d", &oom_adj_save) != 1) + logit("error reading %s: %s", OOM_ADJ_PATH, strerror(errno)); + else { + rewind(fp); + if (fprintf(fp, "%d\n", OOM_ADJ_NOKILL) <= 0) + logit("error writing %s: %s", + OOM_ADJ_PATH, strerror(errno)); + else + verbose("Set %s from %d to %d", + OOM_ADJ_PATH, oom_adj_save, OOM_ADJ_NOKILL); + } + fclose(fp); + } +} + +/* Restore the saved OOM adjustment */ +void +oom_adjust_restore(void) +{ + FILE *fp; + + debug3("%s", __func__); + if (oom_adj_save == INT_MIN || (fp = fopen(OOM_ADJ_PATH, "w")) == NULL) + return; + + if (fprintf(fp, "%d\n", oom_adj_save) <= 0) + logit("error writing %s: %s", OOM_ADJ_PATH, strerror(errno)); + else + verbose("Set %s to %d", OOM_ADJ_PATH, oom_adj_save); + + fclose(fp); + return; +} +#endif /* LINUX_OOM_ADJUST */ +#endif /* WITH_SELINUX || LINUX_OOM_ADJUST */ 
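Review bot: The write-error branches in `oom_adjust_setup` and `oom_adjust_restore` are unlikely ever to fire, because `fprintf` on a buffered `FILE *` only fills the stdio buffer and a rejected write to `/proc/self/oom_adj` surfaces at `fflush`/`fclose`, whose result is ignored. As written, the `verbose("Set ...")` line can be logged although the value did not change, and a failed restore would silently leave the forked child exempt from the OOM killer. Check the flush before logging success, e.g. `if (fprintf(fp, "%d\n", oom_adj_save) <= 0 || fflush(fp) != 0)`. In addition, the comment above `oom_adjust_setup` says it "Returns the previous oom_adj value or zero" while the function is `void`, and a failed `fopen` is not logged at all.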
diff --git a/openbsd-compat/port-linux.h b/openbsd-compat/port-linux.h index 6ad4a49f6..209d9a7a2 100644 --- a/openbsd-compat/port-linux.h +++ b/openbsd-compat/port-linux.h @@ -1,4 +1,4 @@ -/* $Id: port-linux.h,v 1.3 2009/10/24 04:04:13 dtucker Exp $ */ +/* $Id: port-linux.h,v 1.4 2009/12/08 02:39:48 dtucker Exp $ */ /* * Copyright (c) 2006 Damien Miller @@ -26,4 +26,9 @@ void ssh_selinux_setup_exec_context(char *); void ssh_selinux_change_context(const char *); #endif +#ifdef LINUX_OOM_ADJUST +void oom_adjust_restore(void); +void oom_adjust_setup(void); +#endif + #endif /* ! _PORT_LINUX_H */ diff --git a/platform.c b/platform.c index aee4b01e7..2dc4352f4 100644 --- a/platform.c +++ b/platform.c @@ -1,4 +1,4 @@ -/* $Id: platform.c,v 1.1 2006/08/30 17:24:41 djm Exp $ */ +/* $Id: platform.c,v 1.2 2009/12/08 02:39:48 dtucker Exp $ */ /* * Copyright (c) 2006 Darren Tucker. All rights reserved. @@ -21,6 +21,15 @@ #include "openbsd-compat/openbsd-compat.h" +void +platform_pre_listen(void) +{ +#ifdef LINUX_OOM_ADJUST + /* Adjust out-of-memory killer so listening process is not killed */ + oom_adjust_setup(); +#endif +} + void platform_pre_fork(void) { @@ -43,4 +52,7 @@ platform_post_fork_child(void) #ifdef USE_SOLARIS_PROCESS_CONTRACTS solaris_contract_post_fork_child(); #endif +#ifdef LINUX_OOM_ADJUST + oom_adjust_restore(); +#endif } diff --git a/platform.h b/platform.h index cf93bc57c..8a34e364e 100644 --- a/platform.h +++ b/platform.h @@ -1,4 +1,4 @@ -/* $Id: platform.h,v 1.1 2006/08/30 17:24:41 djm Exp $ */ +/* $Id: platform.h,v 1.2 2009/12/08 02:39:48 dtucker Exp $ */ /* * Copyright (c) 2006 Darren Tucker. All rights reserved. @@ -18,6 +18,7 @@ #include +void platform_pre_listen(void); void platform_pre_fork(void); void platform_post_fork_parent(pid_t child_pid); void platform_post_fork_child(void); diff --git a/sshd.c b/sshd.c index 04d8f9fa0..38aaa1820 100644 --- a/sshd.c +++ b/sshd.c 
@@ -1656,6 +1656,7 @@ main(int ac, char **av) if (inetd_flag) { server_accept_inetd(&sock_in, &sock_out); } else { + platform_pre_listen(); server_listen(); if (options.protocol & SSH_PROTO_1) -- cgit v1.2.3 From 1bf3503c9d5f0c79a108ea0060bcec3e0efe2b37 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 21 Dec 2009 10:49:21 +1100 Subject: - (dtucker) [auth-krb5.c platform.{c,h} openbsd-compat/port-aix.{c,h}] Bug #1583: Use system's kerberos principal name on AIX if it's available. Based on a patch from and tested by Miguel Sanders. --- ChangeLog | 5 +++++ auth-krb5.c | 13 ++++++++++--- openbsd-compat/port-aix.c | 25 +++++++++++++++++++++++++ openbsd-compat/port-aix.h | 6 +++++- platform.c | 12 +++++++++++- platform.h | 4 +++- 6 files changed, 59 insertions(+), 6 deletions(-) (limited to 'openbsd-compat') diff --git a/ChangeLog b/ChangeLog index 7f95697f4..677a6af1e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ +20091221 + - (dtucker) [auth-krb5.c platform.{c,h} openbsd-compat/port-aix.{c,h}] + Bug #1583: Use system's kerberos principal name on AIX if it's available. + Based on a patch from and tested by Miguel Sanders + 20091208 - (dtucker) Bug #1470: Disable OOM-killing of the listening sshd on Linux, based on a patch from Vaclav Ovsik and Colin Watson. ok djm. diff --git a/auth-krb5.c b/auth-krb5.c index 868288126..d019fe202 100644 --- a/auth-krb5.c +++ b/auth-krb5.c @@ -78,6 +78,11 @@ auth_krb5_password(Authctxt *authctxt, const char *password) krb5_error_code problem; krb5_ccache ccache = NULL; int len; + char *client, *platform_client; + + /* get platform-specific kerberos client principal name (if it exists) */ + platform_client = platform_krb5_get_principal_name(authctxt->pw->pw_name); + client = platform_client ? platform_client : authctxt->pw->pw_name; temporarily_use_uid(authctxt->pw); 
@@ -85,7 +90,7 @@ auth_krb5_password(Authctxt *authctxt, const char *password) if (problem) goto out; - problem = krb5_parse_name(authctxt->krb5_ctx, authctxt->pw->pw_name, + problem = krb5_parse_name(authctxt->krb5_ctx, client, &authctxt->krb5_user); if (problem) goto out; @@ -141,8 +146,7 @@ auth_krb5_password(Authctxt *authctxt, const char *password) if (problem) goto out; - if (!krb5_kuserok(authctxt->krb5_ctx, authctxt->krb5_user, - authctxt->pw->pw_name)) { + if (!krb5_kuserok(authctxt->krb5_ctx, authctxt->krb5_user, client)) { problem = -1; goto out; } @@ -176,6 +180,9 @@ auth_krb5_password(Authctxt *authctxt, const char *password) out: restore_uid(); + + if (platform_client != NULL) + xfree(platform_client); if (problem) { if (ccache) diff --git a/openbsd-compat/port-aix.c b/openbsd-compat/port-aix.c index d9c0876f3..0bdefbf6d 100644 --- a/openbsd-compat/port-aix.c +++ b/openbsd-compat/port-aix.c @@ -374,6 +374,31 @@ aix_restoreauthdb(void) # endif /* WITH_AIXAUTHENTICATE */ +# ifdef USE_AIX_KRB_NAME +/* + * aix_krb5_get_principal_name: returns the user's kerberos client principal name if + * configured, otherwise NULL. Caller must free returned string. + */ +char * +aix_krb5_get_principal_name(char *pw_name) +{ + char *authname = NULL, *authdomain = NULL, *principal = NULL; + + setuserdb(S_READ); + if (getuserattr(pw_name, S_AUTHDOMAIN, &authdomain, SEC_CHAR) != 0) + debug("AIX getuserattr S_AUTHDOMAIN: %s", strerror(errno)); + if (getuserattr(pw_name, S_AUTHNAME, &authname, SEC_CHAR) != 0) + debug("AIX getuserattr S_AUTHNAME: %s", strerror(errno)); + + if (authdomain != NULL) + xasprintf(&principal, "%s@%s", authname ? authname : pw_name, authdomain); + else if (authname != NULL) + principal = xstrdup(authname); + enduserdb(); + return principal; +} +# endif /* USE_AIX_KRB_NAME */ + # if defined(AIX_GETNAMEINFO_HACK) && !defined(BROKEN_ADDRINFO) # undef getnameinfo /* 
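Review bot: The `krb5_kuserok` call in the `@@ -141,8 +146,7 @@` hunk now passes `client` as its third argument, but that parameter is the local account name the principal is being authorised to log in as, not a principal name. When `platform_krb5_get_principal_name` returns a string of the form `authname@authdomain`, the authorisation check is made against something that is not the target account, which can reject valid users or consult the wrong account's mapping. Keep `client` for `krb5_parse_name` only and leave this call as `krb5_kuserok(authctxt->krb5_ctx, authctxt->krb5_user, authctxt->pw->pw_name)`. The body of `auth_krb5_password` extends beyond these hunks.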
diff --git a/openbsd-compat/port-aix.h b/openbsd-compat/port-aix.h index 3ac76ae15..53e4e88a0 100644 --- a/openbsd-compat/port-aix.h +++ b/openbsd-compat/port-aix.h @@ -1,4 +1,4 @@ -/* $Id: port-aix.h,v 1.31 2009/08/20 06:20:50 dtucker Exp $ */ +/* $Id: port-aix.h,v 1.32 2009/12/20 23:49:22 dtucker Exp $ */ /* * @@ -95,6 +95,10 @@ int sys_auth_record_login(const char *, const char *, const char *, Buffer *); # define CUSTOM_SYS_AUTH_GET_LASTLOGIN_MSG char *sys_auth_get_lastlogin_msg(const char *, uid_t); # define CUSTOM_FAILED_LOGIN 1 +# if defined(S_AUTHDOMAIN) && defined (S_AUTHNAME) +# define USE_AIX_KRB_NAME +char *aix_krb5_get_principal_name(char *); +# endif #endif void aix_setauthdb(const char *); diff --git a/platform.c b/platform.c index 2dc4352f4..e3a428aaa 100644 --- a/platform.c +++ b/platform.c @@ -1,4 +1,4 @@ -/* $Id: platform.c,v 1.2 2009/12/08 02:39:48 dtucker Exp $ */ +/* $Id: platform.c,v 1.3 2009/12/20 23:49:22 dtucker Exp $ */ /* * Copyright (c) 2006 Darren Tucker. All rights reserved. @@ -56,3 +56,13 @@ platform_post_fork_child(void) oom_adjust_restore(); #endif } + +char * +platform_krb5_get_principal_name(const char *pw_name) +{ +#ifdef USE_AIX_KRB_NAME + return aix_krb5_get_principal_name(pw_name); +#else + return NULL; +#endif +} diff --git a/platform.h b/platform.h index 8a34e364e..07ae3ad85 100644 --- a/platform.h +++ b/platform.h @@ -1,4 +1,4 @@ -/* $Id: platform.h,v 1.2 2009/12/08 02:39:48 dtucker Exp $ */ +/* $Id: platform.h,v 1.3 2009/12/20 23:49:22 dtucker Exp $ */ /* * Copyright (c) 2006 Darren Tucker. All rights reserved. @@ -22,3 +22,5 @@ void platform_pre_listen(void); void platform_pre_fork(void); void platform_post_fork_parent(pid_t child_pid); void platform_post_fork_child(void); +char * platform_get_krb5_client(const char *); + -- cgit v1.2.3 From ab3c2cab18a6c5ae9dd93cacb1a179e48d245228 Mon Sep 17 00:00:00 2001 
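Review bot: The prototype added to platform.h is `platform_get_krb5_client`, but platform.c defines and auth-krb5.c calls `platform_krb5_get_principal_name`, so the call site gets no declaration from this header. With an implicit declaration the return type defaults to `int`, and the returned `char *` can be truncated on LP64 platforms before it is dereferenced and later handed to `xfree`. Declare the function under its real name: `char *platform_krb5_get_principal_name(const char *);`. Separately, `platform_krb5_get_principal_name` forwards its `const char *pw_name` to `aix_krb5_get_principal_name(char *)`, which discards the qualifier; taking `const char *` in port-aix.{c,h} would avoid that, provided the `getuserattr` prototype on AIX accepts it.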
From: Darren Tucker Date: Wed, 13 Jan 2010 18:27:32 +1100 Subject: - (dtucker) [openbsd-compat/readpassphrase.c] Resync against OpenBSD's r1.18: missing restore of SIGTTOU and some whitespace. --- ChangeLog | 2 ++ openbsd-compat/readpassphrase.c | 3 ++- 2 files changed, 4 insertions(+), 1 deletion(-) (limited to 'openbsd-compat') diff --git a/ChangeLog b/ChangeLog index 9bd45a121..87c236e66 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,7 @@ 20100113 - (dtucker) [monitor_fdpass.c] Wrap poll.h include in ifdefs. + - (dtucker) [openbsd-compat/readpassphrase.c] Resync against OpenBSD's r1.18: + missing restore of SIGTTOU and some whitespace. 20100112 - (dtucker) OpenBSD CVS Sync diff --git a/openbsd-compat/readpassphrase.c b/openbsd-compat/readpassphrase.c index 11bd8f646..16e07e816 100644 --- a/openbsd-compat/readpassphrase.c +++ b/openbsd-compat/readpassphrase.c @@ -152,6 +152,7 @@ restart: (void)sigaction(SIGTERM, &saveterm, NULL); (void)sigaction(SIGTSTP, &savetstp, NULL); (void)sigaction(SIGTTIN, &savettin, NULL); + (void)sigaction(SIGTTOU, &savettou, NULL); if (input != STDIN_FILENO) (void)close(input); @@ -172,7 +173,7 @@ restart: errno = save_errno; return(nr == -1 ? NULL : buf); } - + #if 0 char * getpass(const char *prompt) -- cgit v1.2.3 From 1035cb4729857ec00d1a976476b840bfe0351312 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Wed, 13 Jan 2010 18:32:59 +1100 Subject: - (dtucker) [openbsd-compat/readpassphrase.c] Update to OpenBSD's r1.21. --- ChangeLog | 1 + openbsd-compat/readpassphrase.c | 47 +++++++++++++++++++++++------------------ 2 files changed, 28 insertions(+), 20 deletions(-) (limited to 'openbsd-compat') diff --git a/ChangeLog b/ChangeLog index 87c236e66..7c4fad33d 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -2,6 +2,7 @@ - (dtucker) [monitor_fdpass.c] Wrap poll.h include in ifdefs. - (dtucker) [openbsd-compat/readpassphrase.c] Resync against OpenBSD's r1.18: missing restore of SIGTTOU and some whitespace. + - (dtucker) [openbsd-compat/readpassphrase.c] Update to OpenBSD's r1.21. 20100112 - (dtucker) OpenBSD CVS Sync diff --git a/openbsd-compat/readpassphrase.c b/openbsd-compat/readpassphrase.c index 16e07e816..8b9486357 100644 --- a/openbsd-compat/readpassphrase.c +++ b/openbsd-compat/readpassphrase.c @@ -1,7 +1,7 @@ -/* $OpenBSD: readpassphrase.c,v 1.18 2005/08/08 08:05:34 espie Exp $ */ +/* $OpenBSD: readpassphrase.c,v 1.21 2008/01/17 16:27:07 millert Exp $ */ /* - * Copyright (c) 2000-2002 Todd C. Miller + * Copyright (c) 2000-2002, 2007 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -68,6 +68,8 @@ readpassphrase(const char *prompt, char *buf, size_t bufsiz, int flags) restart: signo = 0; + nr = -1; + save_errno = 0; /* * Read and write to /dev/tty if available. If not, read from * stdin and write to stderr unless a tty is required. 
@@ -117,26 +119,30 @@ restart: oterm.c_lflag |= ECHO; } - if (!(flags & RPP_STDIN)) - (void)write(output, prompt, strlen(prompt)); - end = buf + bufsiz - 1; - for (p = buf; (nr = read(input, &ch, 1)) == 1 && ch != '\n' && ch != '\r';) { - if (p < end) { - if ((flags & RPP_SEVENBIT)) - ch &= 0x7f; - if (isalpha(ch)) { - if ((flags & RPP_FORCELOWER)) - ch = tolower(ch); - if ((flags & RPP_FORCEUPPER)) - ch = toupper(ch); + /* No I/O if we are already backgrounded. */ + if (signo != SIGTTOU && signo != SIGTTIN) { + if (!(flags & RPP_STDIN)) + (void)write(output, prompt, strlen(prompt)); + end = buf + bufsiz - 1; + p = buf; + while ((nr = read(input, &ch, 1)) == 1 && ch != '\n' && ch != '\r') { + if (p < end) { + if ((flags & RPP_SEVENBIT)) + ch &= 0x7f; + if (isalpha(ch)) { + if ((flags & RPP_FORCELOWER)) + ch = (char)tolower(ch); + if ((flags & RPP_FORCEUPPER)) + ch = (char)toupper(ch); + } + *p++ = ch; } - *p++ = ch; } + *p = '\0'; + save_errno = errno; + if (!(term.c_lflag & ECHO)) + (void)write(output, "\n", 1); } - *p = '\0'; - save_errno = errno; - if (!(term.c_lflag & ECHO)) - (void)write(output, "\n", 1); /* Restore old terminal settings and signals. */ if (memcmp(&term, &oterm, sizeof(term)) != 0) { @@ -170,7 +176,8 @@ restart: } } - errno = save_errno; + if (save_errno) + errno = save_errno; return(nr == -1 ? NULL : buf); } -- cgit v1.2.3 From d59487a33bfaadc3ced41a1c604ec603d716df42 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Wed, 13 Jan 2010 21:32:44 +1100 Subject: - (dtucker) [openbsd-compat/readpassphrase.c] Update to OpenBSD's r1.22. Fixes bz #1590, where sometimes you could not interrupt a connection while ssh was prompting for a passphrase or password. --- ChangeLog | 3 +++ openbsd-compat/readpassphrase.c | 32 +++++++++++++++++++------------- 2 files changed, 22 insertions(+), 13 deletions(-) (limited to 'openbsd-compat') diff --git a/ChangeLog b/ChangeLog index 7c4fad33d..652d8d19b 100644 --- a/ChangeLog +++ b/ChangeLog 
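Review bot: In the re-indented read loop, `isalpha(ch)`, `tolower(ch)` and `toupper(ch)` receive a plain `char`; where `char` is signed and `RPP_SEVENBIT` is not set, a byte above 0x7f reaches them as a negative value, which is undefined behaviour for the `<ctype.h>` functions. The new `(char)` casts apply to the results and do not address the argument. Cast at the call sites instead, e.g. `if (isalpha((unsigned char)ch))` and `ch = (char)tolower((unsigned char)ch);`. The enclosing `readpassphrase` starts and ends outside this hunk.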
@@ -3,6 +3,9 @@ - (dtucker) [openbsd-compat/readpassphrase.c] Resync against OpenBSD's r1.18: missing restore of SIGTTOU and some whitespace. - (dtucker) [openbsd-compat/readpassphrase.c] Update to OpenBSD's r1.21. + - (dtucker) [openbsd-compat/readpassphrase.c] Update to OpenBSD's r1.22. + Fixes bz #1590, where sometimes you could not interrupt a connection while + ssh was prompting for a passphrase or password. 20100112 - (dtucker) OpenBSD CVS Sync diff --git a/openbsd-compat/readpassphrase.c b/openbsd-compat/readpassphrase.c index 8b9486357..62b6d0d84 100644 --- a/openbsd-compat/readpassphrase.c +++ b/openbsd-compat/readpassphrase.c @@ -1,4 +1,4 @@ -/* $OpenBSD: readpassphrase.c,v 1.21 2008/01/17 16:27:07 millert Exp $ */ +/* $OpenBSD: readpassphrase.c,v 1.22 2010/01/13 10:20:54 dtucker Exp $ */ /* * Copyright (c) 2000-2002, 2007 Todd C. Miller @@ -46,7 +46,7 @@ # define _POSIX_VDISABLE VDISABLE #endif -static volatile sig_atomic_t signo; +static volatile sig_atomic_t signo[_NSIG]; static void handler(int); @@ -54,7 +54,7 @@ char * readpassphrase(const char *prompt, char *buf, size_t bufsiz, int flags) { ssize_t nr; - int input, output, save_errno; + int input, output, save_errno, i, need_restart; char ch, *p, *end; struct termios term, oterm; struct sigaction sa, savealrm, saveint, savehup, savequit, saveterm; @@ -67,9 +67,11 @@ readpassphrase(const char *prompt, char *buf, size_t bufsiz, int flags) } restart: - signo = 0; + for (i = 0; i < _NSIG; i++) + signo[i] = 0; nr = -1; save_errno = 0; + need_restart = 0; /* * Read and write to /dev/tty if available. If not, read from * stdin and write to stderr unless a tty is required. @@ -120,7 +122,7 @@ restart: } /* No I/O if we are already backgrounded. */ - if (signo != SIGTTOU && signo != SIGTTIN) { + if (signo[SIGTTOU] != 1 && signo[SIGTTIN] != 1) { if (!(flags & RPP_STDIN)) (void)write(output, prompt, strlen(prompt)); end = buf + bufsiz - 1; 
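Review bot: `signo[_NSIG]` relies on `_NSIG`, which is not a POSIX name and is missing from some platforms' `<signal.h>`; nothing visible in these hunks supplies a fallback, so this compat file may fail to build on exactly the systems that need it. A guarded definition next to the existing `_POSIX_VDISABLE` fallback would cover it, e.g. `#ifndef _NSIG` / `# define _NSIG NSIG` / `#endif`, with a constant fallback if `NSIG` is absent too. The same bound matters for `handler` in the last hunk of this change, which stores to `signo[s]` without a range check; that is safe only if `_NSIG` really exceeds every signal number for which the handler is installed.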
@@ -166,15 +168,19 @@ restart: * If we were interrupted by a signal, resend it to ourselves * now that we have restored the signal handlers. */ - if (signo) { - kill(getpid(), signo); - switch (signo) { - case SIGTSTP: - case SIGTTIN: - case SIGTTOU: - goto restart; + for (i = 0; i < _NSIG; i++) { + if (signo[i]) { + kill(getpid(), i); + switch (i) { + case SIGTSTP: + case SIGTTIN: + case SIGTTOU: + need_restart = 1; + } } } + if (need_restart) + goto restart; if (save_errno) errno = save_errno; @@ -194,6 +200,6 @@ getpass(const char *prompt) static void handler(int s) { - signo = s; + signo[s] = 1; } #endif /* HAVE_READPASSPHRASE */ -- cgit v1.2.3 From 9d1fd5bc1017c09bc9ff8b28511b0851fd3472a4 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 15 Jan 2010 12:14:45 +1100 Subject: - (dtucker) [openbsd-compat.c/pwcache.c] Pull in pwcache.c from OpenBSD (no changes yet but there will be some to come). --- ChangeLog | 2 + openbsd-compat/pwcache.c | 99 ++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 101 insertions(+) create mode 100644 openbsd-compat/pwcache.c (limited to 'openbsd-compat') diff --git a/ChangeLog b/ChangeLog index 0d35871eb..5e2caf338 100644 --- a/ChangeLog +++ b/ChangeLog @@ -21,6 +21,8 @@ inherited SIGTERM as ignored it will still be able to kill the ssh it starts. ok dtucker@ + - (dtucker) [openbsd-compat.c/pwcache.c] Pull in pwcache.c from OpenBSD (no + changes yet but there will be some to come). 20100114 - (djm) [platform.h] Add missing prototype for diff --git a/openbsd-compat/pwcache.c b/openbsd-compat/pwcache.c new file mode 100644 index 000000000..6f8e6447e --- /dev/null +++ b/openbsd-compat/pwcache.c 
@@ -0,0 +1,99 @@ +/* $OpenBSD: pwcache.c,v 1.9 2005/08/08 08:05:34 espie Exp $ */ +/* + * Copyright (c) 1989, 1993 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include + +#include +#include +#include +#include + +#define NCACHE 64 /* power of 2 */ +#define MASK (NCACHE - 1) /* bits to store with */ + +char * +user_from_uid(uid_t uid, int nouser) +{ + static struct ncache { + uid_t uid; + char name[_PW_NAME_LEN + 1]; + } c_uid[NCACHE]; + static int pwopen; + static char nbuf[15]; /* 32 bits == 10 digits */ + struct passwd *pw; + struct ncache *cp; + + cp = c_uid + (uid & MASK); + if (cp->uid != uid || !*cp->name) { + if (pwopen == 0) { + setpassent(1); + pwopen = 1; + } + if ((pw = getpwuid(uid)) == NULL) { + if (nouser) + return (NULL); + (void)snprintf(nbuf, sizeof(nbuf), "%u", uid); + return (nbuf); + } + cp->uid = uid; + strlcpy(cp->name, pw->pw_name, sizeof(cp->name)); + } + return (cp->name); +} + +char * +group_from_gid(gid_t gid, int nogroup) +{ + static struct ncache { + gid_t gid; + char name[_PW_NAME_LEN + 1]; + } c_gid[NCACHE]; + static int gropen; + static char nbuf[15]; /* 32 bits == 10 digits */ + struct group *gr; + struct ncache *cp; + + cp = c_gid + (gid & MASK); + if (cp->gid != gid || !*cp->name) { + if (gropen == 0) { + setgroupent(1); + gropen = 1; + } + if ((gr = getgrgid(gid)) == NULL) { + if (nogroup) + return (NULL); + (void)snprintf(nbuf, sizeof(nbuf), "%u", gid); + return (nbuf); + } + cp->gid = gid; + strlcpy(cp->name, gr->gr_name, sizeof(cp->name)); + } + return (cp->name); +} -- cgit v1.2.3 From 909a390bb812b49f283a4b02e0cc8d582f020fb2 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 15 Jan 2010 12:38:30 +1100 Subject: - (dtucker) [configure.ac openbsd-compat/{Makefile.in,pwcache.c} Portability for pwcache. Also, added caching of negative hits. --- ChangeLog | 2 ++ configure.ac | 8 ++++++-- openbsd-compat/Makefile.in | 4 ++-- openbsd-compat/pwcache.c | 29 +++++++++++++++++++++-------- 4 files changed, 31 insertions(+), 12 deletions(-) (limited to 'openbsd-compat') diff --git a/ChangeLog b/ChangeLog index 5e2caf338..d7b082248 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -23,6 +23,8 @@ ok dtucker@ - (dtucker) [openbsd-compat.c/pwcache.c] Pull in pwcache.c from OpenBSD (no changes yet but there will be some to come). + - (dtucker) [configure.ac openbsd-compat/{Makefile.in,pwcache.c} Portability + for pwcache. Also, added caching of negative hits. 20100114 - (djm) [platform.h] Add missing prototype for diff --git a/configure.ac b/configure.ac index e6e6259bd..3293e61c6 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.434 2010/01/09 23:26:58 dtucker Exp $ +# $Id: configure.ac,v 1.435 2010/01/15 01:38:30 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.434 $) +AC_REVISION($Revision: 1.435 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -1351,6 +1351,7 @@ AC_CHECK_FUNCS( \ getrlimit \ getttyent \ glob \ + group_from_gid \ inet_aton \ inet_ntoa \ inet_ntop \ @@ -1377,8 +1378,10 @@ AC_CHECK_FUNCS( \ setegid \ setenv \ seteuid \ + setgroupent \ setgroups \ setlogin \ + setpassent\ setpcred \ setproctitle \ setregid \ @@ -1407,6 +1410,7 @@ AC_CHECK_FUNCS( \ truncate \ unsetenv \ updwtmpx \ + user_from_uid \ vasprintf \ vhangup \ vsnprintf \ diff --git a/openbsd-compat/Makefile.in b/openbsd-compat/Makefile.in index a60e5a68d..d65b77b5b 100644 --- a/openbsd-compat/Makefile.in +++ b/openbsd-compat/Makefile.in @@ -1,4 +1,4 @@ -# $Id: Makefile.in,v 1.43 2008/06/08 17:32:29 dtucker Exp $ +# $Id: Makefile.in,v 1.44 2010/01/15 01:38:30 dtucker Exp $ sysconfdir=@sysconfdir@ piddir=@piddir@ 
@@ -16,7 +16,7 @@ RANLIB=@RANLIB@ INSTALL=@INSTALL@ LDFLAGS=-L. @LDFLAGS@ -OPENBSD=base64.o basename.o bindresvport.o daemon.o dirname.o fmt_scaled.o getcwd.o getgrouplist.o getopt.o getrrsetbyname.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o readpassphrase.o realpath.o rresvport.o setenv.o setproctitle.o sha2.o sigact.o strlcat.o strlcpy.o strmode.o strsep.o strtonum.o strtoll.o strtoul.o vis.o +OPENBSD=base64.o basename.o bindresvport.o daemon.o dirname.o fmt_scaled.o getcwd.o getgrouplist.o getopt.o getrrsetbyname.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o pwcache.o readpassphrase.o realpath.o rresvport.o setenv.o setproctitle.o sha2.o sigact.o strlcat.o strlcpy.o strmode.o strsep.o strtonum.o strtoll.o strtoul.o vis.o COMPAT=bsd-arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-poll.o bsd-snprintf.o bsd-statvfs.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o diff --git a/openbsd-compat/pwcache.c b/openbsd-compat/pwcache.c index 6f8e6447e..472505d02 100644 --- a/openbsd-compat/pwcache.c +++ b/openbsd-compat/pwcache.c @@ -28,22 +28,26 @@ * SUCH DAMAGE. */ +/* OPENBSD ORIGINAL: lib/libc/gen/pwcache.c */ + #include #include #include #include +#include #include #define NCACHE 64 /* power of 2 */ #define MASK (NCACHE - 1) /* bits to store with */ +#ifndef HAVE_USER_FROM_UID char * user_from_uid(uid_t uid, int nouser) { static struct ncache { uid_t uid; - char name[_PW_NAME_LEN + 1]; + char *name; } c_uid[NCACHE]; static int pwopen; static char nbuf[15]; /* 32 bits == 10 digits */ 
@@ -51,29 +55,34 @@ user_from_uid(uid_t uid, int nouser) struct ncache *cp; cp = c_uid + (uid & MASK); - if (cp->uid != uid || !*cp->name) { + if (cp->uid != uid || cp->name == NULL) { +#ifdef HAVE_SETPASSENT if (pwopen == 0) { setpassent(1); pwopen = 1; } +#endif if ((pw = getpwuid(uid)) == NULL) { if (nouser) return (NULL); (void)snprintf(nbuf, sizeof(nbuf), "%u", uid); - return (nbuf); } cp->uid = uid; - strlcpy(cp->name, pw->pw_name, sizeof(cp->name)); + if (cp->name != NULL) + free(cp->name); + cp->name = strdup(pw ? pw->pw_name : nbuf); } return (cp->name); } +#endif +#ifndef HAVE_GROUP_FROM_GID char * group_from_gid(gid_t gid, int nogroup) { static struct ncache { gid_t gid; - char name[_PW_NAME_LEN + 1]; + char *name; } c_gid[NCACHE]; static int gropen; static char nbuf[15]; /* 32 bits == 10 digits */ @@ -81,19 +90,23 @@ group_from_gid(gid_t gid, int nogroup) struct ncache *cp; cp = c_gid + (gid & MASK); - if (cp->gid != gid || !*cp->name) { + if (cp->gid != gid || cp->name == NULL) { +#ifdef HAVE_SETGROUPENT if (gropen == 0) { setgroupent(1); gropen = 1; } +#endif if ((gr = getgrgid(gid)) == NULL) { if (nogroup) return (NULL); (void)snprintf(nbuf, sizeof(nbuf), "%u", gid); - return (nbuf); } cp->gid = gid; - strlcpy(cp->name, gr->gr_name, sizeof(cp->name)); + if (cp->name != NULL) + free(cp->name); + cp->name = strdup(gr ? gr->gr_name : nbuf); } return (cp->name); } +#endif -- cgit v1.2.3 From ca94485a484a2f33a50bc293a5bf6e8c26b6d2b5 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sat, 16 Jan 2010 11:48:27 +1100 Subject: - (dtucker) [openbsd-compat/pwcache.c] Pull in includes.h and thus defines.h so we correctly detect whether or not we have a native user_from_uid. --- ChangeLog | 4 ++++ openbsd-compat/pwcache.c | 2 ++ 2 files changed, 6 insertions(+) (limited to 'openbsd-compat') diff --git a/ChangeLog b/ChangeLog index 23e98fffa..e4d6b8c44 100644 --- a/ChangeLog +++ b/ChangeLog 
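Review bot: `cp->name = strdup(pw ? pw->pw_name : nbuf)` in `user_from_uid`, and the matching line in `group_from_gid` in the next hunk, is not checked, so on allocation failure the function returns NULL even when `nouser` is 0, a case callers could previously rely on to be non-NULL. Freeing the old `cp->name` also changes the lifetime contract: a pointer returned earlier for an id that hashes to the same slot now dangles instead of pointing at overwritten static storage, so a caller that keeps a result across a second lookup would read freed memory. Handle the NULL case explicitly, for example by formatting the id into `nbuf` and returning that without caching, and add a comment on both functions stating that the result is valid only until the next call. Both function bodies begin outside these hunks.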
@@ -1,3 +1,7 @@ +20100116 + - (dtucker) [openbsd-compat/pwcache.c] Pull in includes.h and thus defines.h + so we correctly detect whether or not we have a native user_from_uid. + 20100115 - (dtucker) OpenBSD CVS Sync - jmc@cvs.openbsd.org 2010/01/13 12:48:34 diff --git a/openbsd-compat/pwcache.c b/openbsd-compat/pwcache.c index 472505d02..fa60935d0 100644 --- a/openbsd-compat/pwcache.c +++ b/openbsd-compat/pwcache.c @@ -30,6 +30,8 @@ /* OPENBSD ORIGINAL: lib/libc/gen/pwcache.c */ +#include "includes.h" + #include #include -- cgit v1.2.3 From 2563e3f2729b90b62cc0a53137a516d2f009dc53 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sat, 16 Jan 2010 11:53:07 +1100 Subject: - (dtucker) [openbsd-compat/openbsd-compat.h] Prototypes for user_from_uid and group_from_gid. --- ChangeLog | 2 ++ openbsd-compat/openbsd-compat.h | 10 +++++++++- 2 files changed, 11 insertions(+), 1 deletion(-) (limited to 'openbsd-compat') diff --git a/ChangeLog b/ChangeLog index e4d6b8c44..ebe777032 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,8 @@ 20100116 - (dtucker) [openbsd-compat/pwcache.c] Pull in includes.h and thus defines.h so we correctly detect whether or not we have a native user_from_uid. + - (dtucker) [openbsd-compat/openbsd-compat.h] Prototypes for user_from_uid + and group_from_gid. 20100115 - (dtucker) OpenBSD CVS Sync diff --git a/openbsd-compat/openbsd-compat.h b/openbsd-compat/openbsd-compat.h index 50c6d990b..a38068d71 100644 --- a/openbsd-compat/openbsd-compat.h +++ b/openbsd-compat/openbsd-compat.h @@ -1,4 +1,4 @@ -/* $Id: openbsd-compat.h,v 1.46 2008/06/08 17:32:29 dtucker Exp $ */ +/* $Id: openbsd-compat.h,v 1.47 2010/01/16 00:53:07 dtucker Exp $ */ /* * Copyright (c) 1999-2003 Damien Miller. All rights reserved. 
@@ -200,6 +200,14 @@ int vasprintf(char **, const char *, va_list); int vsnprintf(char *, size_t, const char *, va_list); #endif +#ifndef HAVE_USER_FROM_UID +char *user_from_uid(uid_t); +#endif + +#ifndef HAVE_GROUP_FROM_GUID +char *group_from_gid(gid_t); +#endif + void *xmmap(size_t size); char *xcrypt(const char *password, const char *salt); char *shadow_pw(struct passwd *pw); -- cgit v1.2.3 From 69371b511b998f2637fdf4bf708e15462162bc0d Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sat, 16 Jan 2010 13:30:30 +1100 Subject: - (dtucker) [openbsd-compat/openbsd-compat.h] Fix prototypes, spotted by Tim. --- ChangeLog | 2 ++ openbsd-compat/openbsd-compat.h | 6 +++--- 2 files changed, 5 insertions(+), 3 deletions(-) (limited to 'openbsd-compat') diff --git a/ChangeLog b/ChangeLog index ebe777032..55e8bb1d7 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,6 +3,8 @@ so we correctly detect whether or not we have a native user_from_uid. - (dtucker) [openbsd-compat/openbsd-compat.h] Prototypes for user_from_uid and group_from_gid. + - (dtucker) [openbsd-compat/openbsd-compat.h] Fix prototypes, spotted by + Tim. 20100115 - (dtucker) OpenBSD CVS Sync diff --git a/openbsd-compat/openbsd-compat.h b/openbsd-compat/openbsd-compat.h index a38068d71..020032bc4 100644 --- a/openbsd-compat/openbsd-compat.h +++ b/openbsd-compat/openbsd-compat.h @@ -1,4 +1,4 @@ -/* $Id: openbsd-compat.h,v 1.47 2010/01/16 00:53:07 dtucker Exp $ */ +/* $Id: openbsd-compat.h,v 1.48 2010/01/16 02:30:30 dtucker Exp $ */ /* * Copyright (c) 1999-2003 Damien Miller. All rights reserved. @@ -201,11 +201,11 @@ int vsnprintf(char *, size_t, const char *, va_list); #endif #ifndef HAVE_USER_FROM_UID -char *user_from_uid(uid_t); +char *user_from_uid(uid_t, int); #endif #ifndef HAVE_GROUP_FROM_GUID -char *group_from_gid(gid_t); +char *group_from_gid(gid_t, int); #endif void *xmmap(size_t size); -- cgit v1.2.3 From 612e400c68e644054e476082cb757b0a157a564b Mon Sep 17 00:00:00 2001 
From: Darren Tucker Date: Sat, 16 Jan 2010 13:53:52 +1100 Subject: - (dtucker) [openbsd-compat/pwcache.c] Shrink ifdef area to prevent unused variable warnings. --- ChangeLog | 2 ++ openbsd-compat/pwcache.c | 8 ++++---- 2 files changed, 6 insertions(+), 4 deletions(-) (limited to 'openbsd-compat') diff --git a/ChangeLog b/ChangeLog index 0b533798d..29e555ab1 100644 --- a/ChangeLog +++ b/ChangeLog @@ -9,6 +9,8 @@ - markus@cvs.openbsd.org 2010/01/15 09:24:23 [sftp-common.c] unused + - (dtucker) [openbsd-compat/pwcache.c] Shrink ifdef area to prevent unused + variable warnings. 20100115 - (dtucker) OpenBSD CVS Sync diff --git a/openbsd-compat/pwcache.c b/openbsd-compat/pwcache.c index fa60935d0..5a8b78801 100644 --- a/openbsd-compat/pwcache.c +++ b/openbsd-compat/pwcache.c @@ -58,12 +58,12 @@ user_from_uid(uid_t uid, int nouser) cp = c_uid + (uid & MASK); if (cp->uid != uid || cp->name == NULL) { -#ifdef HAVE_SETPASSENT if (pwopen == 0) { +#ifdef HAVE_SETPASSENT setpassent(1); +#endif pwopen = 1; } -#endif if ((pw = getpwuid(uid)) == NULL) { if (nouser) return (NULL); @@ -93,12 +93,12 @@ group_from_gid(gid_t gid, int nogroup) cp = c_gid + (gid & MASK); if (cp->gid != gid || cp->name == NULL) { -#ifdef HAVE_SETGROUPENT if (gropen == 0) { +#ifdef HAVE_SETGROUPENT setgroupent(1); +#endif gropen = 1; } -#endif if ((gr = getgrgid(gid)) == NULL) { if (nogroup) return (NULL); -- cgit v1.2.3 From 4e218554222592a99991fe6320eae6277f3109a6 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sat, 16 Jan 2010 23:58:37 +1100 Subject: - (dtucker) [openbsd-compat/openbsd-compat.h] Typo. --- ChangeLog | 1 + openbsd-compat/openbsd-compat.h | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) (limited to 'openbsd-compat') diff --git a/ChangeLog b/ChangeLog index 29e555ab1..e41bf6a97 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -11,6 +11,7 @@ unused - (dtucker) [openbsd-compat/pwcache.c] Shrink ifdef area to prevent unused variable warnings. + - (dtucker) [openbsd-compat/openbsd-compat.h] Typo. 20100115 - (dtucker) OpenBSD CVS Sync diff --git a/openbsd-compat/openbsd-compat.h b/openbsd-compat/openbsd-compat.h index 020032bc4..cad2408d6 100644 --- a/openbsd-compat/openbsd-compat.h +++ b/openbsd-compat/openbsd-compat.h @@ -1,4 +1,4 @@ -/* $Id: openbsd-compat.h,v 1.48 2010/01/16 02:30:30 dtucker Exp $ */ +/* $Id: openbsd-compat.h,v 1.49 2010/01/16 12:58:37 dtucker Exp $ */ /* * Copyright (c) 1999-2003 Damien Miller. All rights reserved. @@ -204,7 +204,7 @@ int vsnprintf(char *, size_t, const char *, va_list); char *user_from_uid(uid_t, int); #endif -#ifndef HAVE_GROUP_FROM_GUID +#ifndef HAVE_GROUP_FROM_GID char *group_from_gid(gid_t, int); #endif -- cgit v1.2.3 From 19d32cb9348baec8e86bb4b19de513ff8d7fa3ce Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 29 Jan 2010 10:54:11 +1100 Subject: - (dtucker) [openbsd-compat/openssl-compat.c] Bug #1707: Call OPENSSL_config() after registering the hardware engines, which causes the openssl.cnf file to be processed. See OpenSSL's man page for OPENSSL_config(3) for details. Patch from Solomon Peachy, ok djm@. --- ChangeLog | 6 ++++++ openbsd-compat/openssl-compat.c | 3 ++- 2 files changed, 8 insertions(+), 1 deletion(-) (limited to 'openbsd-compat') diff --git a/ChangeLog b/ChangeLog index 5cd1d8f63..8e427cc41 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +20100129 + - (dtucker) [openbsd-compat/openssl-compat.c] Bug #1707: Call OPENSSL_config() + after registering the hardware engines, which causes the openssl.cnf file to + be processed. See OpenSSL's man page for OPENSSL_config(3) for details. + Patch from Solomon Peachy, ok djm@. + 20100128 - (djm) OpenBSD CVS Sync - djm@cvs.openbsd.org 2010/01/26 02:15:20 diff --git a/openbsd-compat/openssl-compat.c b/openbsd-compat/openssl-compat.c index dd326c00f..420496caa 100644 
--- a/openbsd-compat/openssl-compat.c +++ b/openbsd-compat/openssl-compat.c @@ -1,4 +1,4 @@ -/* $Id: openssl-compat.c,v 1.8 2009/03/07 11:22:35 dtucker Exp $ */ +/* $Id: openssl-compat.c,v 1.9 2010/01/28 23:54:11 dtucker Exp $ */ /* * Copyright (c) 2005 Darren Tucker @@ -67,5 +67,6 @@ ssh_SSLeay_add_all_algorithms(void) /* Enable use of crypto hardware */ ENGINE_load_builtin_engines(); ENGINE_register_all_complete(); + OPENSSL_config(NULL); } #endif -- cgit v1.2.3 From d05951fceee3fe19fc0bea29006a6409419b609f Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sun, 28 Feb 2010 03:29:33 +1100 Subject: - (djm) [openbsd-compat/bsd-cygwin_util.c] Reduce the set of environment variables copied into sshd child processes. From vinschen AT redhat.com --- ChangeLog | 4 +++- openbsd-compat/bsd-cygwin_util.c | 9 --------- 2 files changed, 3 insertions(+), 10 deletions(-) (limited to 'openbsd-compat') diff --git a/ChangeLog b/ChangeLog index 931683219..760fff736 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,7 @@ 20100227 -- (djm) [ssh-pkcs11-helper.c ] Ensure RNG is initialised and seeded + - (djm) [ssh-pkcs11-helper.c ] Ensure RNG is initialised and seeded + - (djm) [openbsd-compat/bsd-cygwin_util.c] Reduce the set of environment + variables copied into sshd child processes. From vinschen AT redhat.com 20100226 - OpenBSD CVS Sync diff --git a/openbsd-compat/bsd-cygwin_util.c b/openbsd-compat/bsd-cygwin_util.c index e90c1597f..e9fa3a0e2 100644 --- a/openbsd-compat/bsd-cygwin_util.c +++ b/openbsd-compat/bsd-cygwin_util.c 
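Review bot: The added `OPENSSL_config(NULL);` in ssh_SSLeay_add_all_algorithms has no comment recording what becomes trusted input from this point on, and the call gives the caller nothing to check. As documented in OPENSSL_config(3), it reads the default configuration file, whose location the OPENSSL_CONF environment variable can override, and it silently ignores errors. I would add a comment above the call such as `/* Processes openssl.cnf, engine settings included; the file must be trusted and errors are not reported. */`. Whether privileged callers clean their environment before reaching this function cannot be seen from the hunk, and the function body starts outside it.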
@@ -85,23 +85,14 @@ static struct wenv { size_t namelen; } wenv_arr[] = { { NL("ALLUSERSPROFILE=") }, - { NL("COMMONPROGRAMFILES=") }, { NL("COMPUTERNAME=") }, { NL("COMSPEC=") }, { NL("CYGWIN=") }, - { NL("NUMBER_OF_PROCESSORS=") }, { NL("OS=") }, { NL("PATH=") }, { NL("PATHEXT=") }, - { NL("PROCESSOR_ARCHITECTURE=") }, - { NL("PROCESSOR_IDENTIFIER=") }, - { NL("PROCESSOR_LEVEL=") }, - { NL("PROCESSOR_REVISION=") }, - { NL("PROGRAMFILES=") }, { NL("SYSTEMDRIVE=") }, { NL("SYSTEMROOT=") }, - { NL("TMP=") }, - { NL("TEMP=") }, { NL("WINDIR=") } }; -- cgit v1.2.3 From 9af0cb9accbf42aca8f87d3f3bfffcac20c2f5b4 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 1 Mar 2010 15:52:49 +1100 Subject: - (dtucker) [openbsd-compat/port-linux.c] Make failure to write to the OOM adjust log at verbose only, since according to cjwatson in bug #1470 some virtualization platforms don't allow writes. --- ChangeLog | 3 +++ openbsd-compat/port-linux.c | 8 ++++---- 2 files changed, 7 insertions(+), 4 deletions(-) (limited to 'openbsd-compat') diff --git a/ChangeLog b/ChangeLog index 3ce434723..1a318e049 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,9 @@ 20100301 - (dtucker) [regress/{cert-hostkey,cfgmatch,cipher-speed}.sh} Replace "echo -n" with "echon" for portability. + - (dtucker) [openbsd-compat/port-linux.c] Make failure to write to the OOM + adjust log at verbose only, since according to cjwatson in bug #1470 + some virtualization platforms don't allow writes. 20100228 - (djm) [auth.c] On Cygwin, refuse usernames that have differences in diff --git a/openbsd-compat/port-linux.c b/openbsd-compat/port-linux.c index cda751dea..89b9a7340 100644 --- a/openbsd-compat/port-linux.c +++ b/openbsd-compat/port-linux.c @@ -1,4 +1,4 @@ -/* $Id: port-linux.c,v 1.7 2009/12/08 02:39:48 dtucker Exp $ */ +/* $Id: port-linux.c,v 1.8 2010/03/01 04:52:50 dtucker Exp $ */ /* * Copyright (c) 2005 Daniel Walsh 
@@ -229,11 +229,11 @@ oom_adjust_setup(void) debug3("%s", __func__); if ((fp = fopen(OOM_ADJ_PATH, "r+")) != NULL) { if (fscanf(fp, "%d", &oom_adj_save) != 1) - logit("error reading %s: %s", OOM_ADJ_PATH, strerror(errno)); + verbose("error reading %s: %s", OOM_ADJ_PATH, strerror(errno)); else { rewind(fp); if (fprintf(fp, "%d\n", OOM_ADJ_NOKILL) <= 0) - logit("error writing %s: %s", + verbose("error writing %s: %s", OOM_ADJ_PATH, strerror(errno)); else verbose("Set %s from %d to %d", @@ -254,7 +254,7 @@ oom_adjust_restore(void) return; if (fprintf(fp, "%d\n", oom_adj_save) <= 0) - logit("error writing %s: %s", OOM_ADJ_PATH, strerror(errno)); + verbose("error writing %s: %s", OOM_ADJ_PATH, strerror(errno)); else verbose("Set %s to %d", OOM_ADJ_PATH, oom_adj_save); -- cgit v1.2.3
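Review bot: The `fprintf(fp, "%d\n", OOM_ADJ_NOKILL) <= 0` test in oom_adjust_setup is unlikely to see the write failure this change is meant to downgrade, because stdio buffers the few bytes and the kernel only rejects them when the stream is flushed or closed. The `verbose("Set %s from %d to %d", ...)` branch can therefore report success on a platform that refuses the write. Flushing inside the condition makes the error visible where it is logged: `if (fprintf(fp, "%d\n", OOM_ADJ_NOKILL) <= 0 || fflush(fp) != 0)`. The same applies to the `fprintf(fp, "%d\n", oom_adj_save) <= 0` test in the oom_adjust_restore hunk. Both function bodies extend beyond their hunks, so a later checked `fclose()` is possible but not visible.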