From b7548b12a6b2b4abf4d057192c353147e0abba08 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Mon, 23 Oct 2017 05:08:00 +0000 Subject: upstream commit Expose devices allocated for tun/tap forwarding. At the client, the device may be obtained from a new %T expansion for LocalCommand. At the server, the allocated devices will be listed in a SSH_TUNNEL variable exposed to the environment of any user sessions started after the tunnel forwarding was established. ok markus Upstream-ID: e61e53f8ae80566e9ddc0d67a5df5bdf2f3c9f9e --- openbsd-compat/port-tun.c | 16 ++++++++++++++-- openbsd-compat/port-tun.h | 2 +- 2 files changed, 15 insertions(+), 3 deletions(-) (limited to 'openbsd-compat') diff --git a/openbsd-compat/port-tun.c b/openbsd-compat/port-tun.c index 7579c6084..0e75c911d 100644 --- a/openbsd-compat/port-tun.c +++ b/openbsd-compat/port-tun.c @@ -56,12 +56,15 @@ #include int -sys_tun_open(int tun, int mode) +sys_tun_open(int tun, int mode, char **ifname) { struct ifreq ifr; int fd = -1; const char *name = NULL; + if (ifname != NULL) + *ifname = NULL; + if ((fd = open("/dev/net/tun", O_RDWR)) == -1) { debug("%s: failed to open tunnel control interface: %s", __func__, strerror(errno)); @@ -99,6 +102,9 @@ sys_tun_open(int tun, int mode) else debug("%s: %s mode %d fd %d", __func__, ifr.ifr_name, mode, fd); + if (ifname != NULL && (*ifname = strdup(ifr.ifr_name))) + goto failed; + return (fd); failed: @@ -116,13 +122,16 @@ sys_tun_open(int tun, int mode) #endif int -sys_tun_open(int tun, int mode) +sys_tun_open(int tun, int mode, char **ifname) { struct ifreq ifr; char name[100]; int fd = -1, sock, flag; const char *tunbase = "tun"; + if (ifname != NULL) + *ifname = NULL; + if (mode == SSH_TUNMODE_ETHERNET) { #ifdef SSH_TUN_NO_L2 debug("%s: no layer 2 tunnelling support", __func__); @@ -180,6 +189,9 @@ sys_tun_open(int tun, int mode) goto failed; } + if (ifname != NULL && (*ifname = strdup(ifr.ifr_name))) + goto failed; + close(sock); return (fd); 
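Review bot: The strdup() check added at the end of sys_tun_open() is inverted: `if (ifname != NULL && (*ifname = strdup(ifr.ifr_name))) goto failed;` takes the failure path when the copy succeeds. With a non-NULL ifname, every otherwise successful tunnel open closes the descriptor, returns -1 and leaks the duplicated name, while an allocation failure returns a live fd with *ifname left NULL. The test should read `(*ifname = strdup(ifr.ifr_name)) == NULL`, in the Linux hunk at -99,6 and again in the FreeBSD hunk at -180,6. Both function bodies continue outside these hunks, so the rest of the failed: paths could not be checked here.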
diff --git a/openbsd-compat/port-tun.h b/openbsd-compat/port-tun.h index 103514370..926bc93e1 100644 --- a/openbsd-compat/port-tun.h +++ b/openbsd-compat/port-tun.h @@ -22,7 +22,7 @@ struct ssh; #if defined(SSH_TUN_LINUX) || defined(SSH_TUN_FREEBSD) # define CUSTOM_SYS_TUN_OPEN -int sys_tun_open(int, int); +int sys_tun_open(int, int, char **); #endif #if defined(SSH_TUN_COMPAT_AF) || defined(SSH_TUN_PREPEND_AF) -- cgit v1.2.3 From f5594f939f844bbb688313697d6676238da355b3 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 25 Oct 2017 13:13:57 +1100 Subject: rename port-tun.[ch] => port-net.[ch] Ahead of adding rdomain support --- openbsd-compat/Makefile.in | 2 +- openbsd-compat/openbsd-compat.h | 2 +- openbsd-compat/port-net.c | 291 ++++++++++++++++++++++++++++++++++++++++ openbsd-compat/port-net.h | 34 +++++ openbsd-compat/port-tun.c | 291 ---------------------------------------- openbsd-compat/port-tun.h | 34 ----- 6 files changed, 327 insertions(+), 327 deletions(-) create mode 100644 openbsd-compat/port-net.c create mode 100644 openbsd-compat/port-net.h delete mode 100644 openbsd-compat/port-tun.c delete mode 100644 openbsd-compat/port-tun.h (limited to 'openbsd-compat') diff --git a/openbsd-compat/Makefile.in b/openbsd-compat/Makefile.in index ac8ae4305..5eef024b5 100644 --- a/openbsd-compat/Makefile.in +++ b/openbsd-compat/Makefile.in @@ -20,7 +20,7 @@ OPENBSD=base64.o basename.o bcrypt_pbkdf.o bindresvport.o blowfish.o daemon.o di COMPAT=arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o getrrsetbyname-ldns.o bsd-err.o bsd-getpagesize.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-poll.o bsd-malloc.o bsd-setres_id.o bsd-snprintf.o bsd-statvfs.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xcrypt.o kludge-fd_set.o -PORTS=port-aix.o port-irix.o port-linux.o port-solaris.o port-tun.o port-uw.o +PORTS=port-aix.o port-irix.o port-linux.o port-solaris.o port-net.o port-uw.o .c.o: $(CC) $(CFLAGS) $(CPPFLAGS) -c $< 
diff --git a/openbsd-compat/openbsd-compat.h b/openbsd-compat/openbsd-compat.h index cac799e84..73123bb3f 100644 --- a/openbsd-compat/openbsd-compat.h +++ b/openbsd-compat/openbsd-compat.h @@ -322,7 +322,7 @@ char *shadow_pw(struct passwd *pw); #include "port-irix.h" #include "port-linux.h" #include "port-solaris.h" -#include "port-tun.h" +#include "port-net.h" #include "port-uw.h" /* _FORTIFY_SOURCE breaks FD_ISSET(n)/FD_SET(n) for n > FD_SETSIZE. Avoid. */ diff --git a/openbsd-compat/port-net.c b/openbsd-compat/port-net.c new file mode 100644 index 000000000..0e75c911d --- /dev/null +++ b/openbsd-compat/port-net.c 
@@ -0,0 +1,291 @@ +/* + * Copyright (c) 2005 Reyk Floeter + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include "includes.h" + +#include +#include + +#include +#include +#include + +#include +#include +#include +#include +#include + +#include "openbsd-compat/sys-queue.h" +#include "log.h" +#include "misc.h" +#include "sshbuf.h" +#include "channels.h" +#include "ssherr.h" + +/* + * This is the portable version of the SSH tunnel forwarding, it + * uses some preprocessor definitions for various platform-specific + * settings. 
+ * + * SSH_TUN_LINUX Use the (newer) Linux tun/tap device + * SSH_TUN_FREEBSD Use the FreeBSD tun/tap device + * SSH_TUN_COMPAT_AF Translate the OpenBSD address family + * SSH_TUN_PREPEND_AF Prepend/remove the address family + */ + +/* + * System-specific tunnel open function + */ + +#if defined(SSH_TUN_LINUX) +#include +#include + +int +sys_tun_open(int tun, int mode, char **ifname) +{ + struct ifreq ifr; + int fd = -1; + const char *name = NULL; + + if (ifname != NULL) + *ifname = NULL; + + if ((fd = open("/dev/net/tun", O_RDWR)) == -1) { + debug("%s: failed to open tunnel control interface: %s", + __func__, strerror(errno)); + return (-1); + } + + bzero(&ifr, sizeof(ifr)); + + if (mode == SSH_TUNMODE_ETHERNET) { + ifr.ifr_flags = IFF_TAP; + name = "tap%d"; + } else { + ifr.ifr_flags = IFF_TUN; + name = "tun%d"; + } + ifr.ifr_flags |= IFF_NO_PI; + + if (tun != SSH_TUNID_ANY) { + if (tun > SSH_TUNID_MAX) { + debug("%s: invalid tunnel id %x: %s", __func__, + tun, strerror(errno)); + goto failed; + } + snprintf(ifr.ifr_name, sizeof(ifr.ifr_name), name, tun); + } + + if (ioctl(fd, TUNSETIFF, &ifr) == -1) { + debug("%s: failed to configure tunnel (mode %d): %s", __func__, + mode, strerror(errno)); + goto failed; + } + + if (tun == SSH_TUNID_ANY) + debug("%s: tunnel mode %d fd %d", __func__, mode, fd); + else + debug("%s: %s mode %d fd %d", __func__, ifr.ifr_name, mode, fd); + + if (ifname != NULL && (*ifname = strdup(ifr.ifr_name))) + goto failed; + + return (fd); + + failed: + close(fd); + return (-1); +} +#endif /* SSH_TUN_LINUX */ + +#ifdef SSH_TUN_FREEBSD +#include +#include + +#ifdef HAVE_NET_IF_TUN_H +#include +#endif + +int +sys_tun_open(int tun, int mode, char **ifname) +{ + struct ifreq ifr; + char name[100]; + int fd = -1, sock, flag; + const char *tunbase = "tun"; + + if (ifname != NULL) + *ifname = NULL; + + if (mode == SSH_TUNMODE_ETHERNET) { +#ifdef SSH_TUN_NO_L2 + debug("%s: no layer 2 tunnelling support", __func__); + return (-1); +#else + tunbase = 
"tap"; +#endif + } + + /* Open the tunnel device */ + if (tun <= SSH_TUNID_MAX) { + snprintf(name, sizeof(name), "/dev/%s%d", tunbase, tun); + fd = open(name, O_RDWR); + } else if (tun == SSH_TUNID_ANY) { + for (tun = 100; tun >= 0; tun--) { + snprintf(name, sizeof(name), "/dev/%s%d", + tunbase, tun); + if ((fd = open(name, O_RDWR)) >= 0) + break; + } + } else { + debug("%s: invalid tunnel %u\n", __func__, tun); + return (-1); + } + + if (fd < 0) { + debug("%s: %s open failed: %s", __func__, name, + strerror(errno)); + return (-1); + } + + /* Turn on tunnel headers */ + flag = 1; +#if defined(TUNSIFHEAD) && !defined(SSH_TUN_PREPEND_AF) + if (mode != SSH_TUNMODE_ETHERNET && + ioctl(fd, TUNSIFHEAD, &flag) == -1) { + debug("%s: ioctl(%d, TUNSIFHEAD, 1): %s", __func__, fd, + strerror(errno)); + close(fd); + } +#endif + + debug("%s: %s mode %d fd %d", __func__, name, mode, fd); + + /* Set the tunnel device operation mode */ + snprintf(ifr.ifr_name, sizeof(ifr.ifr_name), "%s%d", tunbase, tun); + if ((sock = socket(PF_UNIX, SOCK_STREAM, 0)) == -1) + goto failed; + + if (ioctl(sock, SIOCGIFFLAGS, &ifr) == -1) + goto failed; + if ((ifr.ifr_flags & IFF_UP) == 0) { + ifr.ifr_flags |= IFF_UP; + if (ioctl(sock, SIOCSIFFLAGS, &ifr) == -1) + goto failed; + } + + if (ifname != NULL && (*ifname = strdup(ifr.ifr_name))) + goto failed; + + close(sock); + return (fd); + + failed: + if (fd >= 0) + close(fd); + if (sock >= 0) + close(sock); + debug("%s: failed to set %s mode %d: %s", __func__, name, + mode, strerror(errno)); + return (-1); +} +#endif /* SSH_TUN_FREEBSD */ + +/* + * System-specific channel filters + */ + +#if defined(SSH_TUN_FILTER) +/* + * The tunnel forwarding protocol prepends the address family of forwarded + * IP packets using OpenBSD's numbers. 
+ */ +#define OPENBSD_AF_INET 2 +#define OPENBSD_AF_INET6 24 + +int +sys_tun_infilter(struct ssh *ssh, struct Channel *c, char *buf, int _len) +{ + int r; + size_t len; + char *ptr = buf; +#if defined(SSH_TUN_PREPEND_AF) + char rbuf[CHAN_RBUF]; + struct ip iph; +#endif +#if defined(SSH_TUN_PREPEND_AF) || defined(SSH_TUN_COMPAT_AF) + u_int32_t af; +#endif + + /* XXX update channel input filter API to use unsigned length */ + if (_len < 0) + return -1; + len = _len; + +#if defined(SSH_TUN_PREPEND_AF) + if (len <= sizeof(iph) || len > sizeof(rbuf) - 4) + return -1; + /* Determine address family from packet IP header. */ + memcpy(&iph, buf, sizeof(iph)); + af = iph.ip_v == 6 ? OPENBSD_AF_INET6 : OPENBSD_AF_INET; + /* Prepend address family to packet using OpenBSD constants */ + memcpy(rbuf + 4, buf, len); + len += 4; + POKE_U32(rbuf, af); + ptr = rbuf; +#elif defined(SSH_TUN_COMPAT_AF) + /* Convert existing address family header to OpenBSD value */ + if (len <= 4) + return -1; + af = PEEK_U32(buf); + /* Put it back */ + POKE_U32(buf, af == AF_INET6 ? OPENBSD_AF_INET6 : OPENBSD_AF_INET); +#endif + + if ((r = sshbuf_put_string(c->input, ptr, len)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + return (0); +} + +u_char * +sys_tun_outfilter(struct ssh *ssh, struct Channel *c, + u_char **data, size_t *dlen) +{ + u_char *buf; + u_int32_t af; + int r; + + /* XXX new API is incompatible with this signature. */ + if ((r = sshbuf_get_string(c->output, data, dlen)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + if (*dlen < sizeof(af)) + return (NULL); + buf = *data; + +#if defined(SSH_TUN_PREPEND_AF) + /* skip address family */ + *dlen -= sizeof(af); + buf = *data + sizeof(af); +#elif defined(SSH_TUN_COMPAT_AF) + /* translate address family */ + af = (PEEK_U32(buf) == OPENBSD_AF_INET6) ? AF_INET6 : AF_INET; + POKE_U32(buf, af); +#endif + return (buf); +} +#endif /* SSH_TUN_FILTER */ 
diff --git a/openbsd-compat/port-net.h b/openbsd-compat/port-net.h new file mode 100644 index 000000000..926bc93e1 --- /dev/null +++ b/openbsd-compat/port-net.h @@ -0,0 +1,34 @@ +/* + * Copyright (c) 2005 Reyk Floeter + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#ifndef _PORT_TUN_H +#define _PORT_TUN_H + +struct Channel; +struct ssh; + +#if defined(SSH_TUN_LINUX) || defined(SSH_TUN_FREEBSD) +# define CUSTOM_SYS_TUN_OPEN +int sys_tun_open(int, int, char **); +#endif + +#if defined(SSH_TUN_COMPAT_AF) || defined(SSH_TUN_PREPEND_AF) +# define SSH_TUN_FILTER +int sys_tun_infilter(struct ssh *, struct Channel *, char *, int); +u_char *sys_tun_outfilter(struct ssh *, struct Channel *, u_char **, size_t *); +#endif + +#endif diff --git a/openbsd-compat/port-tun.c b/openbsd-compat/port-tun.c deleted file mode 100644 index 0e75c911d..000000000 --- a/openbsd-compat/port-tun.c +++ /dev/null 
@@ -1,291 +0,0 @@ -/* - * Copyright (c) 2005 Reyk Floeter - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#include "includes.h" - -#include -#include - -#include -#include -#include - -#include -#include -#include -#include -#include - -#include "openbsd-compat/sys-queue.h" -#include "log.h" -#include "misc.h" -#include "sshbuf.h" -#include "channels.h" -#include "ssherr.h" - -/* - * This is the portable version of the SSH tunnel forwarding, it - * uses some preprocessor definitions for various platform-specific - * settings. 
- * - * SSH_TUN_LINUX Use the (newer) Linux tun/tap device - * SSH_TUN_FREEBSD Use the FreeBSD tun/tap device - * SSH_TUN_COMPAT_AF Translate the OpenBSD address family - * SSH_TUN_PREPEND_AF Prepend/remove the address family - */ - -/* - * System-specific tunnel open function - */ - -#if defined(SSH_TUN_LINUX) -#include -#include - -int -sys_tun_open(int tun, int mode, char **ifname) -{ - struct ifreq ifr; - int fd = -1; - const char *name = NULL; - - if (ifname != NULL) - *ifname = NULL; - - if ((fd = open("/dev/net/tun", O_RDWR)) == -1) { - debug("%s: failed to open tunnel control interface: %s", - __func__, strerror(errno)); - return (-1); - } - - bzero(&ifr, sizeof(ifr)); - - if (mode == SSH_TUNMODE_ETHERNET) { - ifr.ifr_flags = IFF_TAP; - name = "tap%d"; - } else { - ifr.ifr_flags = IFF_TUN; - name = "tun%d"; - } - ifr.ifr_flags |= IFF_NO_PI; - - if (tun != SSH_TUNID_ANY) { - if (tun > SSH_TUNID_MAX) { - debug("%s: invalid tunnel id %x: %s", __func__, - tun, strerror(errno)); - goto failed; - } - snprintf(ifr.ifr_name, sizeof(ifr.ifr_name), name, tun); - } - - if (ioctl(fd, TUNSETIFF, &ifr) == -1) { - debug("%s: failed to configure tunnel (mode %d): %s", __func__, - mode, strerror(errno)); - goto failed; - } - - if (tun == SSH_TUNID_ANY) - debug("%s: tunnel mode %d fd %d", __func__, mode, fd); - else - debug("%s: %s mode %d fd %d", __func__, ifr.ifr_name, mode, fd); - - if (ifname != NULL && (*ifname = strdup(ifr.ifr_name))) - goto failed; - - return (fd); - - failed: - close(fd); - return (-1); -} -#endif /* SSH_TUN_LINUX */ - -#ifdef SSH_TUN_FREEBSD -#include -#include - -#ifdef HAVE_NET_IF_TUN_H -#include -#endif - -int -sys_tun_open(int tun, int mode, char **ifname) -{ - struct ifreq ifr; - char name[100]; - int fd = -1, sock, flag; - const char *tunbase = "tun"; - - if (ifname != NULL) - *ifname = NULL; - - if (mode == SSH_TUNMODE_ETHERNET) { -#ifdef SSH_TUN_NO_L2 - debug("%s: no layer 2 tunnelling support", __func__); - return (-1); -#else - tunbase = 
"tap"; -#endif - } - - /* Open the tunnel device */ - if (tun <= SSH_TUNID_MAX) { - snprintf(name, sizeof(name), "/dev/%s%d", tunbase, tun); - fd = open(name, O_RDWR); - } else if (tun == SSH_TUNID_ANY) { - for (tun = 100; tun >= 0; tun--) { - snprintf(name, sizeof(name), "/dev/%s%d", - tunbase, tun); - if ((fd = open(name, O_RDWR)) >= 0) - break; - } - } else { - debug("%s: invalid tunnel %u\n", __func__, tun); - return (-1); - } - - if (fd < 0) { - debug("%s: %s open failed: %s", __func__, name, - strerror(errno)); - return (-1); - } - - /* Turn on tunnel headers */ - flag = 1; -#if defined(TUNSIFHEAD) && !defined(SSH_TUN_PREPEND_AF) - if (mode != SSH_TUNMODE_ETHERNET && - ioctl(fd, TUNSIFHEAD, &flag) == -1) { - debug("%s: ioctl(%d, TUNSIFHEAD, 1): %s", __func__, fd, - strerror(errno)); - close(fd); - } -#endif - - debug("%s: %s mode %d fd %d", __func__, name, mode, fd); - - /* Set the tunnel device operation mode */ - snprintf(ifr.ifr_name, sizeof(ifr.ifr_name), "%s%d", tunbase, tun); - if ((sock = socket(PF_UNIX, SOCK_STREAM, 0)) == -1) - goto failed; - - if (ioctl(sock, SIOCGIFFLAGS, &ifr) == -1) - goto failed; - if ((ifr.ifr_flags & IFF_UP) == 0) { - ifr.ifr_flags |= IFF_UP; - if (ioctl(sock, SIOCSIFFLAGS, &ifr) == -1) - goto failed; - } - - if (ifname != NULL && (*ifname = strdup(ifr.ifr_name))) - goto failed; - - close(sock); - return (fd); - - failed: - if (fd >= 0) - close(fd); - if (sock >= 0) - close(sock); - debug("%s: failed to set %s mode %d: %s", __func__, name, - mode, strerror(errno)); - return (-1); -} -#endif /* SSH_TUN_FREEBSD */ - -/* - * System-specific channel filters - */ - -#if defined(SSH_TUN_FILTER) -/* - * The tunnel forwarding protocol prepends the address family of forwarded - * IP packets using OpenBSD's numbers. 
- */ -#define OPENBSD_AF_INET 2 -#define OPENBSD_AF_INET6 24 - -int -sys_tun_infilter(struct ssh *ssh, struct Channel *c, char *buf, int _len) -{ - int r; - size_t len; - char *ptr = buf; -#if defined(SSH_TUN_PREPEND_AF) - char rbuf[CHAN_RBUF]; - struct ip iph; -#endif -#if defined(SSH_TUN_PREPEND_AF) || defined(SSH_TUN_COMPAT_AF) - u_int32_t af; -#endif - - /* XXX update channel input filter API to use unsigned length */ - if (_len < 0) - return -1; - len = _len; - -#if defined(SSH_TUN_PREPEND_AF) - if (len <= sizeof(iph) || len > sizeof(rbuf) - 4) - return -1; - /* Determine address family from packet IP header. */ - memcpy(&iph, buf, sizeof(iph)); - af = iph.ip_v == 6 ? OPENBSD_AF_INET6 : OPENBSD_AF_INET; - /* Prepend address family to packet using OpenBSD constants */ - memcpy(rbuf + 4, buf, len); - len += 4; - POKE_U32(rbuf, af); - ptr = rbuf; -#elif defined(SSH_TUN_COMPAT_AF) - /* Convert existing address family header to OpenBSD value */ - if (len <= 4) - return -1; - af = PEEK_U32(buf); - /* Put it back */ - POKE_U32(buf, af == AF_INET6 ? OPENBSD_AF_INET6 : OPENBSD_AF_INET); -#endif - - if ((r = sshbuf_put_string(c->input, ptr, len)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); - return (0); -} - -u_char * -sys_tun_outfilter(struct ssh *ssh, struct Channel *c, - u_char **data, size_t *dlen) -{ - u_char *buf; - u_int32_t af; - int r; - - /* XXX new API is incompatible with this signature. */ - if ((r = sshbuf_get_string(c->output, data, dlen)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); - if (*dlen < sizeof(af)) - return (NULL); - buf = *data; - -#if defined(SSH_TUN_PREPEND_AF) - /* skip address family */ - *dlen -= sizeof(af); - buf = *data + sizeof(af); -#elif defined(SSH_TUN_COMPAT_AF) - /* translate address family */ - af = (PEEK_U32(buf) == OPENBSD_AF_INET6) ? AF_INET6 : AF_INET; - POKE_U32(buf, af); -#endif - return (buf); -} -#endif /* SSH_TUN_FILTER */ 
diff --git a/openbsd-compat/port-tun.h b/openbsd-compat/port-tun.h deleted file mode 100644 index 926bc93e1..000000000 --- a/openbsd-compat/port-tun.h +++ /dev/null @@ -1,34 +0,0 @@ -/* - * Copyright (c) 2005 Reyk Floeter - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#ifndef _PORT_TUN_H -#define _PORT_TUN_H - -struct Channel; -struct ssh; - -#if defined(SSH_TUN_LINUX) || defined(SSH_TUN_FREEBSD) -# define CUSTOM_SYS_TUN_OPEN -int sys_tun_open(int, int, char **); -#endif - -#if defined(SSH_TUN_COMPAT_AF) || defined(SSH_TUN_PREPEND_AF) -# define SSH_TUN_FILTER -int sys_tun_infilter(struct ssh *, struct Channel *, char *, int); -u_char *sys_tun_outfilter(struct ssh *, struct Channel *, u_char **, size_t *); -#endif - -#endif -- cgit v1.2.3 From 6eee79f9b8d4a3b113b698383948a119acb82415 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 25 Oct 2017 13:22:29 +1100 Subject: stubs for rdomain replacement functions --- openbsd-compat/port-net.c | 32 ++++++++++++++++++++++++++++++++ openbsd-compat/port-net.h | 11 +++++++++++ 2 files changed, 43 insertions(+) (limited to 'openbsd-compat') diff --git a/openbsd-compat/port-net.c b/openbsd-compat/port-net.c index 0e75c911d..d384b1454 100644 --- a/openbsd-compat/port-net.c +++ b/openbsd-compat/port-net.c 
@@ -36,6 +36,38 @@ #include "channels.h" #include "ssherr.h" +/* + * This file contains various portability code for network support, + * including tun/tap forwarding and routing domains. + */ + +#if defined(SYS_RDOMAIN_XXX) +/* XXX examples */ +char * +sys_get_rdomain(int fd) +{ + return NULL; +} + +int +sys_set_rdomain(int fd, const char *name) +{ + return -1; +} + +int +valid_rdomain(const char *name) +{ + return 0; +} + +void +sys_set_process_rdomain(const char *name) +{ + fatal("%s: not supported", __func__); +} +#endif /* defined(SYS_RDOMAIN_XXX) */ + /* * This is the portable version of the SSH tunnel forwarding, it * uses some preprocessor definitions for various platform-specific diff --git a/openbsd-compat/port-net.h b/openbsd-compat/port-net.h index 926bc93e1..715e9fb34 100644 --- a/openbsd-compat/port-net.h +++ b/openbsd-compat/port-net.h @@ -31,4 +31,15 @@ int sys_tun_infilter(struct ssh *, struct Channel *, char *, int); u_char *sys_tun_outfilter(struct ssh *, struct Channel *, u_char **, size_t *); #endif +#if defined(SYS_RDOMAIN_XXX) +# define HAVE_SYS_GET_RDOMAIN +# define HAVE_SYS_SET_RDOMAIN +# define HAVE_SYS_SET_PROCESS_RDOMAIN +# define HAVE_SYS_VALID_RDOMAIN +char *sys_get_rdomain(int fd); +int sys_set_rdomain(int fd, const char *name); +int valid_rdomain(const char *name); +void sys_set_process_rdomain(const char *name); +#endif + #endif -- cgit v1.2.3 From ce1cca39d7935dd394080ce2df62f5ce5b51f485 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 25 Oct 2017 13:47:59 +1100 Subject: implement get/set_rdomain() for Linux Not enabled, pending implementation of valid_rdomain() and autoconf glue --- openbsd-compat/port-net.c | 40 ++++++++++++++++++++++++++++++++++++++-- openbsd-compat/port-net.h | 7 +++++-- 2 files changed, 43 insertions(+), 4 deletions(-) (limited to 'openbsd-compat') diff --git a/openbsd-compat/port-net.c b/openbsd-compat/port-net.c index d384b1454..f6e32ad49 100644 --- a/openbsd-compat/port-net.c 
+++ b/openbsd-compat/port-net.c @@ -41,7 +41,44 @@ * including tun/tap forwarding and routing domains. */ -#if defined(SYS_RDOMAIN_XXX) +#if defined(SYS_RDOMAIN_LINUX) || defined(SSH_TUN_LINUX) +#include +#endif + +#if defined(SYS_RDOMAIN_LINUX) +char * +sys_get_rdomain(int fd) +{ + char dev[IFNAMSIZ + 1]; + socklen_t len = sizeof(dev) - 1; + + if (getsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, dev, &len) == -1) { + error("%s: cannot determine VRF for fd=%d : %s", + __func__, fd, strerror(errno)); + return NULL; + } + dev[len] = '\0'; + return strdup(dev); +} + +int +sys_set_rdomain(int fd, const char *name) +{ + if (setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, + name, strlen(name)) == -1) { + error("%s: setsockopt(%d, SO_BINDTODEVICE, %s): %s", + __func__, fd, name, strerror(errno)); + return -1; + } + return 0; +} + +int +valid_rdomain(const char *name) +{ + return 0; +} +#elif defined(SYS_RDOMAIN_XXX) /* XXX examples */ char * sys_get_rdomain(int fd) @@ -84,7 +121,6 @@ sys_set_process_rdomain(const char *name) */ #if defined(SSH_TUN_LINUX) -#include #include int diff --git a/openbsd-compat/port-net.h b/openbsd-compat/port-net.h index 715e9fb34..8aa4085f4 100644 --- a/openbsd-compat/port-net.h +++ b/openbsd-compat/port-net.h @@ -31,14 +31,17 @@ int sys_tun_infilter(struct ssh *, struct Channel *, char *, int); u_char *sys_tun_outfilter(struct ssh *, struct Channel *, u_char **, size_t *); #endif -#if defined(SYS_RDOMAIN_XXX) +#if defined(SYS_RDOMAIN_LINUX) # define HAVE_SYS_GET_RDOMAIN # define HAVE_SYS_SET_RDOMAIN -# define HAVE_SYS_SET_PROCESS_RDOMAIN # define HAVE_SYS_VALID_RDOMAIN char *sys_get_rdomain(int fd); int sys_set_rdomain(int fd, const char *name); int valid_rdomain(const char *name); +#endif + +#if defined(SYS_RDOMAIN_XXX) +# define HAVE_SYS_SET_PROCESS_RDOMAIN void sys_set_process_rdomain(const char *name); #endif -- cgit v1.2.3 From 97c5aaf925d61641d599071abb56012cde265978 Mon Sep 17 00:00:00 2001 
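Review bot: sys_set_rdomain() passes the name to setsockopt(SO_BINDTODEVICE) with `strlen(name)` and no length check. As far as I know the Linux kernel clamps the option length to IFNAMSIZ - 1 instead of failing, so an over-long name would bind the socket to whichever device matches the truncated name rather than being rejected. A guard before the call, `if (strlen(name) >= IFNAMSIZ) { error("%s: rdomain name too long", __func__); return -1; }`, keeps the bound device identical to the configured one. sys_get_rdomain() in the same hunk needs a comment saying that the returned string comes from strdup() and is freed by the caller, and that an unbound socket presumably yields an empty string rather than NULL.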
From: Damien Miller Date: Wed, 25 Oct 2017 14:09:56 +1100 Subject: basic valid_rdomain() implementation for Linux --- openbsd-compat/port-net.c | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) (limited to 'openbsd-compat') diff --git a/openbsd-compat/port-net.c b/openbsd-compat/port-net.c index f6e32ad49..efc9f46fb 100644 --- a/openbsd-compat/port-net.c +++ b/openbsd-compat/port-net.c @@ -76,7 +76,22 @@ sys_set_rdomain(int fd, const char *name) int valid_rdomain(const char *name) { - return 0; + int fd; + + /* + * This is a pretty crappy way to test. It would be better to + * check whether "name" represents a VRF device, but apparently + * that requires an rtnetlink transaction. + */ + if ((fd = socket(AF_INET, SOCK_STREAM, 0)) == -1) + return 0; + if (setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, + name, strlen(name)) == -1) { + close(fd); + return 0; + } + close(fd); + return 1; } #elif defined(SYS_RDOMAIN_XXX) /* XXX examples */ -- cgit v1.2.3 From 2de5c6b53bf063ac698596ef4e23d8e3099656ea Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 27 Oct 2017 08:42:33 +1100 Subject: fix rdomain compilation errors --- openbsd-compat/port-net.c | 2 +- openbsd-compat/port-net.h | 2 +- servconf.c | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) (limited to 'openbsd-compat') diff --git a/openbsd-compat/port-net.c b/openbsd-compat/port-net.c index efc9f46fb..7050629c3 100644 --- a/openbsd-compat/port-net.c +++ b/openbsd-compat/port-net.c @@ -74,7 +74,7 @@ sys_set_rdomain(int fd, const char *name) } int -valid_rdomain(const char *name) +sys_valid_rdomain(const char *name) { int fd; diff --git a/openbsd-compat/port-net.h b/openbsd-compat/port-net.h index 8aa4085f4..3a0d1104b 100644 --- a/openbsd-compat/port-net.h +++ b/openbsd-compat/port-net.h 
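Review bot: valid_rdomain() appears to accept an empty name: on Linux, as I understand it, SO_BINDTODEVICE with a zero-length or "" name clears the binding and succeeds, so the probe would return 1 for "". A guard at the top, `if (name == NULL || *name == '\0') return 0;`, closes that and also avoids `strlen(NULL)`. The probe also returns 0 when socket() fails or when the caller lacks the privilege to bind to a device, so 0 means "could not confirm" rather than "no such VRF"; a comment saying so would help whoever wires this into configuration validation. As the existing comment concedes, any interface name passes, not only VRF devices, so this check should not be the only thing between a configured name and a bind.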
@@ -37,7 +37,7 @@ u_char *sys_tun_outfilter(struct ssh *, struct Channel *, u_char **, size_t *); # define HAVE_SYS_VALID_RDOMAIN char *sys_get_rdomain(int fd); int sys_set_rdomain(int fd, const char *name); -int valid_rdomain(const char *name); +int sys_valid_rdomain(const char *name); #endif #if defined(SYS_RDOMAIN_XXX) diff --git a/servconf.c b/servconf.c index 7fc3551d7..53d81fb3c 100644 --- a/servconf.c +++ b/servconf.c @@ -736,7 +736,7 @@ static int valid_rdomain(const char *name) { #if defined(HAVE_SYS_VALID_RDOMAIN) - return valid_rdomain(name) + return sys_valid_rdomain(name); #elif defined(__OpenBSD__) const char *errstr; long long num; -- cgit v1.2.3 From f21455a084f9cc3942cf1bde64055a4916849fed Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Tue, 31 Oct 2017 10:09:33 +1100 Subject: Include includes.h for HAVE_GETPAGESIZE. The configure script checks for getpagesize() and sets HAVE_GETPAGESIZE in config.h, but bsd-getpagesize.c forgot to include includes.h (which indirectly includes config.h) so the checks always fails, causing linker issues when linking statically on systems with getpagesize(). Patch from Peter Korsgaard --- openbsd-compat/bsd-getpagesize.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'openbsd-compat') diff --git a/openbsd-compat/bsd-getpagesize.c b/openbsd-compat/bsd-getpagesize.c index 9daddfbd3..416a8d4cb 100644 --- a/openbsd-compat/bsd-getpagesize.c +++ b/openbsd-compat/bsd-getpagesize.c @@ -1,5 +1,7 @@ /* Placed in the public domain */ +#include "includes.h" + #ifndef HAVE_GETPAGESIZE #include -- cgit v1.2.3 From ba460acae48a36ef749cb23068f968f4d5d90a24 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 24 Nov 2017 16:24:31 +1100 Subject: Include string.h for explicit_bzero. --- openbsd-compat/freezero.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'openbsd-compat') diff --git a/openbsd-compat/freezero.c b/openbsd-compat/freezero.c index 3af8f4a73..ca5de785b 100644 --- a/openbsd-compat/freezero.c 
+++ b/openbsd-compat/freezero.c @@ -16,6 +16,8 @@ #include "includes.h" +#include + #ifndef HAVE_FREEZERO void -- cgit v1.2.3 From fbfa6f980d7460b3e12b0ce88ed3b6018edf4711 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sun, 11 Feb 2018 21:25:11 +1300 Subject: Move signal compat code into bsd-signal.{c,h} --- openbsd-compat/Makefile.in | 2 +- openbsd-compat/bsd-misc.c | 37 ------------------------ openbsd-compat/bsd-misc.h | 10 ------- openbsd-compat/bsd-signal.c | 62 +++++++++++++++++++++++++++++++++++++++++ openbsd-compat/bsd-signal.h | 39 ++++++++++++++++++++++++++ openbsd-compat/openbsd-compat.h | 1 + openbsd-compat/readpassphrase.c | 8 ------ 7 files changed, 103 insertions(+), 56 deletions(-) create mode 100644 openbsd-compat/bsd-signal.c create mode 100644 openbsd-compat/bsd-signal.h (limited to 'openbsd-compat') diff --git a/openbsd-compat/Makefile.in b/openbsd-compat/Makefile.in index 5eef024b5..213ded4d4 100644 --- a/openbsd-compat/Makefile.in +++ b/openbsd-compat/Makefile.in 
@@ -18,7 +18,7 @@ LDFLAGS=-L. @LDFLAGS@ OPENBSD=base64.o basename.o bcrypt_pbkdf.o bindresvport.o blowfish.o daemon.o dirname.o fmt_scaled.o getcwd.o getgrouplist.o getopt_long.o getrrsetbyname.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o pwcache.o readpassphrase.o reallocarray.o realpath.o recallocarray.o rresvport.o setenv.o setproctitle.o sha1.o sha2.o rmd160.o md5.o sigact.o strcasestr.o strlcat.o strlcpy.o strmode.o strnlen.o strptime.o strsep.o strtonum.o strtoll.o strtoul.o strtoull.o timingsafe_bcmp.o vis.o blowfish.o bcrypt_pbkdf.o explicit_bzero.o freezero.o -COMPAT=arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o getrrsetbyname-ldns.o bsd-err.o bsd-getpagesize.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-poll.o bsd-malloc.o bsd-setres_id.o bsd-snprintf.o bsd-statvfs.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xcrypt.o kludge-fd_set.o +COMPAT=arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o getrrsetbyname-ldns.o bsd-err.o bsd-getpagesize.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-poll.o bsd-malloc.o bsd-setres_id.o bsd-signal.o bsd-snprintf.o bsd-statvfs.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xcrypt.o kludge-fd_set.o PORTS=port-aix.o port-irix.o port-linux.o port-solaris.o port-net.o port-uw.o diff --git a/openbsd-compat/bsd-misc.c b/openbsd-compat/bsd-misc.c index 29f6ad38c..9f6dc8af2 100644 --- a/openbsd-compat/bsd-misc.c +++ b/openbsd-compat/bsd-misc.c @@ -104,16 +104,6 @@ const char *strerror(int e) } #endif -#if !defined(HAVE_STRSIGNAL) -char *strsignal(int sig) -{ - static char buf[16]; - - (void)snprintf(buf, sizeof(buf), "%d", sig); - return buf; -} -#endif - #ifndef HAVE_UTIMES int utimes(char *filename, struct timeval *tvp) { 
@@ -221,33 +211,6 @@ tcsendbreak(int fd, int duration) } #endif /* HAVE_TCSENDBREAK */ -mysig_t -mysignal(int sig, mysig_t act) -{ -#ifdef HAVE_SIGACTION - struct sigaction sa, osa; - - if (sigaction(sig, NULL, &osa) == -1) - return (mysig_t) -1; - if (osa.sa_handler != act) { - memset(&sa, 0, sizeof(sa)); - sigemptyset(&sa.sa_mask); - sa.sa_flags = 0; -#ifdef SA_INTERRUPT - if (sig == SIGALRM) - sa.sa_flags |= SA_INTERRUPT; -#endif - sa.sa_handler = act; - if (sigaction(sig, &sa, NULL) == -1) - return (mysig_t) -1; - } - return (osa.sa_handler); -#else - #undef signal - return (signal(sig, act)); -#endif -} - #ifndef HAVE_STRDUP char * strdup(const char *str) diff --git a/openbsd-compat/bsd-misc.h b/openbsd-compat/bsd-misc.h index 0b1a3504f..2cfd5dae6 100644 --- a/openbsd-compat/bsd-misc.h +++ b/openbsd-compat/bsd-misc.h @@ -49,10 +49,6 @@ int setegid(uid_t); const char *strerror(int); #endif -#if !defined(HAVE_STRSIGNAL) -char *strsignal(int); -#endif - #if !defined(HAVE_SETLINEBUF) #define setlinebuf(a) (setvbuf((a), NULL, _IOLBF, 0)) #endif @@ -98,12 +94,6 @@ int tcsendbreak(int, int); int unsetenv(const char *); #endif -/* wrapper for signal interface */ -typedef void (*mysig_t)(int); -mysig_t mysignal(int sig, mysig_t act); - -#define signal(a,b) mysignal(a,b) - #ifndef HAVE_ISBLANK int isblank(int); #endif diff --git a/openbsd-compat/bsd-signal.c b/openbsd-compat/bsd-signal.c new file mode 100644 index 000000000..979010e84 --- /dev/null +++ b/openbsd-compat/bsd-signal.c 
@@ -0,0 +1,62 @@
+/*
+ * Copyright (c) 1999-2004 Damien Miller
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include "includes.h"
+
+#include
+#include
+#include
+
+#include "openbsd-compat/bsd-signal.h"
+
+#undef signal
+
+mysig_t
+mysignal(int sig, mysig_t act)
+{
+#ifdef HAVE_SIGACTION
+ struct sigaction sa, osa;
+
+ if (sigaction(sig, NULL, &osa) == -1)
+ return (mysig_t) -1;
+ if (osa.sa_handler != act) {
+ memset(&sa, 0, sizeof(sa));
+ sigemptyset(&sa.sa_mask);
+ sa.sa_flags = 0;
+#ifdef SA_INTERRUPT
+ if (sig == SIGALRM)
+ sa.sa_flags |= SA_INTERRUPT;
+#endif
+ sa.sa_handler = act;
+ if (sigaction(sig, &sa, NULL) == -1)
+ return (mysig_t) -1;
+ }
+ return (osa.sa_handler);
+#else
+ return (signal(sig, act));
+#endif
+}
+
+#if !defined(HAVE_STRSIGNAL)
+char *strsignal(int sig)
+{
+ static char buf[16];
+
+ (void)snprintf(buf, sizeof(buf), "%d", sig);
+ return buf;
+}
+#endif
+
diff --git a/openbsd-compat/bsd-signal.h b/openbsd-compat/bsd-signal.h
new file mode 100644
index 000000000..4cb8cb7a0
--- /dev/null
+++ b/openbsd-compat/bsd-signal.h
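Review bot: Both failure paths in `mysignal` (bsd-signal.c) return `(mysig_t) -1`, while the `signal()` interface this wrapper replaces reports failure as `SIG_ERR`. The two usually have the same value, but that is an implementation detail, so `return SIG_ERR;` is the portable spelling and matches what callers compare against. The function also has no comment explaining why `sa_flags` stays 0, which presumably is deliberate so that a handler interrupts blocking calls instead of restarting them. A line such as `/* no SA_RESTART: blocking syscalls must return EINTR when the handler fires */` would protect that from a later cleanup, once the intent is confirmed against callers.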
@@ -0,0 +1,39 @@
+/*
+ * Copyright (c) 1999-2004 Damien Miller
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef _BSD_SIGNAL_H
+#define _BSD_SIGNAL_H
+
+#include "includes.h"
+
+#ifndef _NSIG
+# ifdef NSIG
+# define _NSIG NSIG
+# else
+# define _NSIG 128
+# endif
+#endif
+
+/* wrapper for signal interface */
+typedef void (*mysig_t)(int);
+mysig_t mysignal(int sig, mysig_t act);
+#define signal(a,b) mysignal(a,b)
+
+#if !defined(HAVE_STRSIGNAL)
+char *strsignal(int);
+#endif
+
+#endif /* _BSD_SIGNAL_H */
diff --git a/openbsd-compat/openbsd-compat.h b/openbsd-compat/openbsd-compat.h
index 73123bb3f..c7f660609 100644
--- a/openbsd-compat/openbsd-compat.h
+++ b/openbsd-compat/openbsd-compat.h
@@ -179,6 +179,7 @@ int writev(int, struct iovec *, int);
 /* Home grown routines */
 #include "bsd-misc.h"
 #include "bsd-setres_id.h"
+#include "bsd-signal.h"
 #include "bsd-statvfs.h"
 #include "bsd-waitpid.h"
 #include "bsd-poll.h"
diff --git a/openbsd-compat/readpassphrase.c b/openbsd-compat/readpassphrase.c
index 24aed6e46..ff8ff3dec 100644
--- a/openbsd-compat/readpassphrase.c
+++ b/openbsd-compat/readpassphrase.c
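Review bot: The `_NSIG` fallback now lives in bsd-signal.h, but the header as shown includes only `"includes.h"`, so whether `NSIG` is visible when the `#ifndef _NSIG` block is evaluated depends on include order elsewhere. If it is not visible, `_NSIG` silently becomes 128. readpassphrase.c sizes `signo[_NSIG]` from it, as the hunk removing the local definition shows. Whether a handler indexes that array by signal number lies outside this diff, but if it does, an undersized value means an out-of-bounds write. Adding `#include <signal.h>` directly above the `#ifndef _NSIG` block would make the header self-contained.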
@@ -46,14 +46,6 @@ # define _POSIX_VDISABLE VDISABLE #endif -#ifndef _NSIG -# ifdef NSIG -# define _NSIG NSIG -# else -# define _NSIG 128 -# endif -#endif - static volatile sig_atomic_t signo[_NSIG]; static void handler(int); -- cgit v1.2.3 From ddc0f3814881ea279a6b6d4d98e03afc60ae1ed7 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Tue, 13 Feb 2018 09:10:46 +1100 Subject: Remove UNICOS support. The code required to support it is quite invasive to the mainline code that is synced with upstream and is an ongoing maintenance burden. Both the hardware and software are literal museum pieces these days and we could not find anyone still running OpenSSH on one. --- auth2.c | 8 - configure.ac | 34 -- defines.h | 24 -- loginrec.c | 6 - openbsd-compat/Makefile.in | 2 +- openbsd-compat/bsd-cray.c | 816 ---------------------------------------- openbsd-compat/bsd-cray.h | 59 --- openbsd-compat/bsd-openpty.c | 11 - openbsd-compat/openbsd-compat.h | 1 - session.c | 23 -- sshd.c | 7 - sshpty.c | 25 -- 12 files changed, 1 insertion(+), 1015 deletions(-) delete mode 100644 openbsd-compat/bsd-cray.c delete mode 100644 openbsd-compat/bsd-cray.h (limited to 'openbsd-compat') diff --git a/auth2.c b/auth2.c index 67b6b05e8..c80911aeb 100644 --- a/auth2.c +++ b/auth2.c @@ -349,13 +349,6 @@ userauth_finish(struct ssh *ssh, int authenticated, const char *method, } #endif -#ifdef _UNICOS - if (authenticated && cray_access_denied(authctxt->user)) { - authenticated = 0; - fatal("Access denied for user %s.", authctxt->user); - } -#endif /* _UNICOS */ - if (authenticated == 1) { /* turn off userauth */ ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_REQUEST, &dispatch_protocol_ignore); 
@@ -366,7 +359,6 @@ userauth_finish(struct ssh *ssh, int authenticated, const char *method, authctxt->success = 1; ssh_packet_set_log_preamble(ssh, "user %s", authctxt->user); } else { - /* Allow initial try of "none" auth without failure penalty */ if (!partial && !authctxt->server_caused_failure && (authctxt->attempt > 1 || strcmp(method, "none") != 0)) diff --git a/configure.ac b/configure.ac index 753395f10..38600e321 100644 --- a/configure.ac +++ b/configure.ac @@ -1073,40 +1073,6 @@ mips-sony-bsd|mips-sony-newsos4) TEST_SHELL=$SHELL # let configure find us a capable shell SKIP_DISABLE_LASTLOG_DEFINE=yes ;; -*-*-unicosmk*) - AC_DEFINE([NO_SSH_LASTLOG], [1], - [Define if you don't want to use lastlog in session.c]) - AC_DEFINE([SETEUID_BREAKS_SETUID]) - AC_DEFINE([BROKEN_SETREUID]) - AC_DEFINE([BROKEN_SETREGID]) - AC_DEFINE([USE_PIPES]) - AC_DEFINE([DISABLE_FD_PASSING]) - LDFLAGS="$LDFLAGS" - LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm" - MANTYPE=cat - ;; -*-*-unicosmp*) - AC_DEFINE([SETEUID_BREAKS_SETUID]) - AC_DEFINE([BROKEN_SETREUID]) - AC_DEFINE([BROKEN_SETREGID]) - AC_DEFINE([WITH_ABBREV_NO_TTY]) - AC_DEFINE([USE_PIPES]) - AC_DEFINE([DISABLE_FD_PASSING]) - LDFLAGS="$LDFLAGS" - LIBS="$LIBS -lgen -lacid -ldb" - MANTYPE=cat - ;; -*-*-unicos*) - AC_DEFINE([SETEUID_BREAKS_SETUID]) - AC_DEFINE([BROKEN_SETREUID]) - AC_DEFINE([BROKEN_SETREGID]) - AC_DEFINE([USE_PIPES]) - AC_DEFINE([DISABLE_FD_PASSING]) - AC_DEFINE([NO_SSH_LASTLOG]) - LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal" - LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm" - MANTYPE=cat - ;; *-dec-osf*) AC_MSG_CHECKING([for Digital Unix SIA]) no_osfsia="" diff --git a/defines.h b/defines.h index f1662edcf..3fa5ec5a9 100644 --- a/defines.h +++ b/defines.h 
@@ -214,24 +214,12 @@ typedef signed char int8_t; # if (SIZEOF_SHORT_INT == 2) typedef short int int16_t; # else -# ifdef _UNICOS -# if (SIZEOF_SHORT_INT == 4) -typedef short int16_t; -# else -typedef long int16_t; -# endif -# else # error "16 bit int type not found." -# endif /* _UNICOS */ # endif # if (SIZEOF_INT == 4) typedef int int32_t; # else -# ifdef _UNICOS -typedef long int32_t; -# else # error "32 bit int type not found." -# endif /* _UNICOS */ # endif #endif @@ -247,24 +235,12 @@ typedef unsigned char u_int8_t; # if (SIZEOF_SHORT_INT == 2) typedef unsigned short int u_int16_t; # else -# ifdef _UNICOS -# if (SIZEOF_SHORT_INT == 4) -typedef unsigned short u_int16_t; -# else -typedef unsigned long u_int16_t; -# endif -# else # error "16 bit int type not found." -# endif # endif # if (SIZEOF_INT == 4) typedef unsigned int u_int32_t; # else -# ifdef _UNICOS -typedef unsigned long u_int32_t; -# else # error "32 bit int type not found." -# endif # endif # endif #define __BIT_TYPES_DEFINED__ diff --git a/loginrec.c b/loginrec.c index 788553e92..bdbc9bbf4 100644 --- a/loginrec.c +++ b/loginrec.c @@ -663,15 +663,9 @@ construct_utmp(struct logininfo *li, switch (li->type) { case LTYPE_LOGIN: ut->ut_type = USER_PROCESS; -#ifdef _UNICOS - cray_set_tmpdir(ut); -#endif break; case LTYPE_LOGOUT: ut->ut_type = DEAD_PROCESS; -#ifdef _UNICOS - cray_retain_utmp(ut, li->pid); -#endif break; } # endif diff --git a/openbsd-compat/Makefile.in b/openbsd-compat/Makefile.in index 213ded4d4..62dbf8566 100644 --- a/openbsd-compat/Makefile.in +++ b/openbsd-compat/Makefile.in 
@@ -18,7 +18,7 @@ LDFLAGS=-L. @LDFLAGS@ OPENBSD=base64.o basename.o bcrypt_pbkdf.o bindresvport.o blowfish.o daemon.o dirname.o fmt_scaled.o getcwd.o getgrouplist.o getopt_long.o getrrsetbyname.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o pwcache.o readpassphrase.o reallocarray.o realpath.o recallocarray.o rresvport.o setenv.o setproctitle.o sha1.o sha2.o rmd160.o md5.o sigact.o strcasestr.o strlcat.o strlcpy.o strmode.o strnlen.o strptime.o strsep.o strtonum.o strtoll.o strtoul.o strtoull.o timingsafe_bcmp.o vis.o blowfish.o bcrypt_pbkdf.o explicit_bzero.o freezero.o -COMPAT=arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o getrrsetbyname-ldns.o bsd-err.o bsd-getpagesize.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-poll.o bsd-malloc.o bsd-setres_id.o bsd-signal.o bsd-snprintf.o bsd-statvfs.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xcrypt.o kludge-fd_set.o +COMPAT=arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cygwin_util.o bsd-getpeereid.o getrrsetbyname-ldns.o bsd-err.o bsd-getpagesize.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-poll.o bsd-malloc.o bsd-setres_id.o bsd-signal.o bsd-snprintf.o bsd-statvfs.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xcrypt.o kludge-fd_set.o PORTS=port-aix.o port-irix.o port-linux.o port-solaris.o port-net.o port-uw.o diff --git a/openbsd-compat/bsd-cray.c b/openbsd-compat/bsd-cray.c deleted file mode 100644 index c02e63261..000000000 --- a/openbsd-compat/bsd-cray.c +++ /dev/null 
@@ -1,816 +0,0 @@ -/* - * - * bsd-cray.c - * - * Copyright (c) 2002, Cray Inc. (Wendy Palm ) - * Significant portions provided by - * Wayne Schroeder, SDSC - * William Jones, UTexas - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - * - * Created: Apr 22 16.34:00 2002 wp - * - * This file contains functions required for proper execution - * on UNICOS systems. 
- * - */ -#ifdef _UNICOS - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include "ssh.h" - -#include "includes.h" -#include "sys/types.h" - -#ifndef HAVE_STRUCT_SOCKADDR_STORAGE -# define _SS_MAXSIZE 128 /* Implementation specific max size */ -# define _SS_PADSIZE (_SS_MAXSIZE - sizeof (struct sockaddr)) - -# define ss_family ss_sa.sa_family -#endif /* !HAVE_STRUCT_SOCKADDR_STORAGE */ - -#ifndef IN6_IS_ADDR_LOOPBACK -# define IN6_IS_ADDR_LOOPBACK(a) \ - (((u_int32_t *) (a))[0] == 0 && ((u_int32_t *) (a))[1] == 0 && \ - ((u_int32_t *) (a))[2] == 0 && ((u_int32_t *) (a))[3] == htonl (1)) -#endif /* !IN6_IS_ADDR_LOOPBACK */ - -#ifndef AF_INET6 -/* Define it to something that should never appear */ -#define AF_INET6 AF_MAX -#endif - -#include "log.h" -#include "servconf.h" -#include "bsd-cray.h" - -#define MAXACID 80 - -extern ServerOptions options; - -char cray_tmpdir[TPATHSIZ + 1]; /* job TMPDIR path */ - -struct sysv sysv; /* system security structure */ -struct usrv usrv; /* user security structure */ - -/* - * Functions. 
- */ -void cray_retain_utmp(struct utmp *, int); -void cray_delete_tmpdir(char *, int, uid_t); -void cray_init_job(struct passwd *); -void cray_set_tmpdir(struct utmp *); -void cray_login_failure(char *, int); -int cray_setup(uid_t, char *, const char *); -int cray_access_denied(char *); - -void -cray_login_failure(char *username, int errcode) -{ - struct udb *ueptr; /* UDB pointer for username */ - ia_failure_t fsent; /* ia_failure structure */ - ia_failure_ret_t fret; /* ia_failure return stuff */ - struct jtab jtab; /* job table structure */ - int jid = 0; /* job id */ - - if ((jid = getjtab(&jtab)) < 0) - debug("cray_login_failure(): getjtab error"); - - getsysudb(); - if ((ueptr = getudbnam(username)) == UDB_NULL) - debug("cray_login_failure(): getudbname() returned NULL"); - endudb(); - - memset(&fsent, '\0', sizeof(fsent)); - fsent.revision = 0; - fsent.uname = username; - fsent.host = (char *)get_canonical_hostname(options.use_dns); - fsent.ttyn = "sshd"; - fsent.caller = IA_SSHD; - fsent.flags = IA_INTERACTIVE; - fsent.ueptr = ueptr; - fsent.jid = jid; - fsent.errcode = errcode; - fsent.pwdp = NULL; - fsent.exitcode = 0; /* dont exit in ia_failure() */ - - fret.revision = 0; - fret.normal = 0; - - /* - * Call ia_failure because of an login failure. 
- */ - ia_failure(&fsent, &fret); -} - -/* - * Cray access denied - */ -int -cray_access_denied(char *username) -{ - struct udb *ueptr; /* UDB pointer for username */ - int errcode; /* IA errorcode */ - - errcode = 0; - getsysudb(); - if ((ueptr = getudbnam(username)) == UDB_NULL) - debug("cray_login_failure(): getudbname() returned NULL"); - endudb(); - - if (ueptr != NULL && ueptr->ue_disabled) - errcode = IA_DISABLED; - if (errcode) - cray_login_failure(username, errcode); - - return (errcode); -} - -/* - * record_failed_login: generic "login failed" interface function - */ -void -record_failed_login(const char *user, const char *hostname, const char *ttyname) -{ - cray_login_failure((char *)user, IA_UDBERR); -} - -int -cray_setup (uid_t uid, char *username, const char *command) -{ - extern struct udb *getudb(); - extern char *setlimits(); - - int err; /* error return */ - time_t system_time; /* current system clock */ - time_t expiration_time; /* password expiration time */ - int maxattempts; /* maximum no. 
of failed login attempts */ - int SecureSys; /* unicos security flag */ - int minslevel = 0; /* system minimum security level */ - int i, j; - int valid_acct = -1; /* flag for reading valid acct */ - char acct_name[MAXACID] = { "" }; /* used to read acct name */ - struct jtab jtab; /* Job table struct */ - struct udb ue; /* udb entry for logging-in user */ - struct udb *up; /* pointer to UDB entry */ - struct secstat secinfo; /* file security attributes */ - struct servprov init_info; /* used for sesscntl() call */ - int jid; /* job ID */ - int pid; /* process ID */ - char *sr; /* status return from setlimits() */ - char *ttyn = NULL; /* ttyname or command name*/ - char hostname[MAXHOSTNAMELEN]; - /* passwd stuff for ia_user */ - passwd_t pwdacm, pwddialup, pwdudb, pwdwal, pwddce; - ia_user_ret_t uret; /* stuff returned from ia_user */ - ia_user_t usent; /* ia_user main structure */ - int ia_rcode; /* ia_user return code */ - ia_failure_t fsent; /* ia_failure structure */ - ia_failure_ret_t fret; /* ia_failure return stuff */ - ia_success_t ssent; /* ia_success structure */ - ia_success_ret_t sret; /* ia_success return stuff */ - int ia_mlsrcode; /* ia_mlsuser return code */ - int secstatrc; /* [f]secstat return code */ - - if (SecureSys = (int)sysconf(_SC_CRAY_SECURE_SYS)) { - getsysv(&sysv, sizeof(struct sysv)); - minslevel = sysv.sy_minlvl; - if (getusrv(&usrv) < 0) - fatal("getusrv() failed, errno = %d", errno); - } - hostname[0] = '\0'; - strlcpy(hostname, - (char *)get_canonical_hostname(options.use_dns), - MAXHOSTNAMELEN); - /* - * Fetch user's UDB entry. - */ - getsysudb(); - if ((up = getudbnam(username)) == UDB_NULL) - fatal("cannot fetch user's UDB entry"); - - /* - * Prevent any possible fudging so perform a data - * safety check and compare the supplied uid against - * the udb's uid. 
- */ - if (up->ue_uid != uid) - fatal("IA uid missmatch"); - endudb(); - - if ((jid = getjtab(&jtab)) < 0) { - debug("getjtab"); - return(-1); - } - pid = getpid(); - ttyn = ttyname(0); - if (SecureSys) { - if (ttyn != NULL) - secstatrc = secstat(ttyn, &secinfo); - else - secstatrc = fsecstat(1, &secinfo); - - if (secstatrc == 0) - debug("[f]secstat() successful"); - else - fatal("[f]secstat() error, rc = %d", secstatrc); - } - if ((ttyn == NULL) && ((char *)command != NULL)) - ttyn = (char *)command; - /* - * Initialize all structures to call ia_user - */ - usent.revision = 0; - usent.uname = username; - usent.host = hostname; - usent.ttyn = ttyn; - usent.caller = IA_SSHD; - usent.pswdlist = &pwdacm; - usent.ueptr = &ue; - usent.flags = IA_INTERACTIVE | IA_FFLAG; - pwdacm.atype = IA_SECURID; - pwdacm.pwdp = NULL; - pwdacm.next = &pwdudb; - - pwdudb.atype = IA_UDB; - pwdudb.pwdp = NULL; - pwdudb.next = &pwddce; - - pwddce.atype = IA_DCE; - pwddce.pwdp = NULL; - pwddce.next = &pwddialup; - - pwddialup.atype = IA_DIALUP; - pwddialup.pwdp = NULL; - /* pwddialup.next = &pwdwal; */ - pwddialup.next = NULL; - - pwdwal.atype = IA_WAL; - pwdwal.pwdp = NULL; - pwdwal.next = NULL; - - uret.revision = 0; - uret.pswd = NULL; - uret.normal = 0; - - ia_rcode = ia_user(&usent, &uret); - switch (ia_rcode) { - /* - * These are acceptable return codes from ia_user() - */ - case IA_UDBWEEK: /* Password Expires in 1 week */ - expiration_time = ue.ue_pwage.time + ue.ue_pwage.maxage; - printf ("WARNING - your current password will expire %s\n", - ctime((const time_t *)&expiration_time)); - break; - case IA_UDBEXPIRED: - if (ttyname(0) != NULL) { - /* Force a password change */ - printf("Your password has expired; Choose a new one.\n"); - execl("/bin/passwd", "passwd", username, 0); - exit(9); - } - break; - case IA_NORMAL: /* Normal Return Code */ - break; - case IA_BACKDOOR: - /* XXX: can we memset it to zero here so save some of this */ - strlcpy(ue.ue_name, "root", 
sizeof(ue.ue_name)); - strlcpy(ue.ue_dir, "/", sizeof(ue.ue_dir)); - strlcpy(ue.ue_shell, "/bin/sh", sizeof(ue.ue_shell)); - - ue.ue_passwd[0] = '\0'; - ue.ue_age[0] = '\0'; - ue.ue_comment[0] = '\0'; - ue.ue_loghost[0] = '\0'; - ue.ue_logline[0] = '\0'; - - ue.ue_uid = -1; - ue.ue_nice[UDBRC_INTER] = 0; - - for (i = 0; i < MAXVIDS; i++) - ue.ue_gids[i] = 0; - - ue.ue_logfails = 0; - ue.ue_minlvl = ue.ue_maxlvl = ue.ue_deflvl = minslevel; - ue.ue_defcomps = 0; - ue.ue_comparts = 0; - ue.ue_permits = 0; - ue.ue_trap = 0; - ue.ue_disabled = 0; - ue.ue_logtime = 0; - break; - case IA_CONSOLE: /* Superuser not from Console */ - case IA_TRUSTED: /* Trusted user */ - if (options.permit_root_login > PERMIT_NO) - break; /* Accept root login */ - default: - /* - * These are failed return codes from ia_user() - */ - switch (ia_rcode) - { - case IA_BADAUTH: - printf("Bad authorization, access denied.\n"); - break; - case IA_DISABLED: - printf("Your login has been disabled. Contact the system "); - printf("administrator for assistance.\n"); - break; - case IA_GETSYSV: - printf("getsysv() failed - errno = %d\n", errno); - break; - case IA_MAXLOGS: - printf("Maximum number of failed login attempts exceeded.\n"); - printf("Access denied.\n"); - break; - case IA_UDBPWDNULL: - if (SecureSys) - printf("NULL Password not allowed on MLS systems.\n"); - break; - default: - break; - } - - /* - * Authentication failed. - */ - printf("sshd: Login incorrect, (0%o)\n", - ia_rcode-IA_ERRORCODE); - - /* - * Initialize structure for ia_failure - * which will exit. - */ - fsent.revision = 0; - fsent.uname = username; - fsent.host = hostname; - fsent.ttyn = ttyn; - fsent.caller = IA_SSHD; - fsent.flags = IA_INTERACTIVE; - fsent.ueptr = &ue; - fsent.jid = jid; - fsent.errcode = ia_rcode; - fsent.pwdp = uret.pswd; - fsent.exitcode = 1; - - fret.revision = 0; - fret.normal = 0; - - /* - * Call ia_failure because of an IA failure. - * There is no return because ia_failure exits. 
- */ - ia_failure(&fsent, &fret); - - exit(1); - } - - ia_mlsrcode = IA_NORMAL; - if (SecureSys) { - debug("calling ia_mlsuser()"); - ia_mlsrcode = ia_mlsuser(&ue, &secinfo, &usrv, NULL, 0); - } - if (ia_mlsrcode != IA_NORMAL) { - printf("sshd: Login incorrect, (0%o)\n", - ia_mlsrcode-IA_ERRORCODE); - /* - * Initialize structure for ia_failure - * which will exit. - */ - fsent.revision = 0; - fsent.uname = username; - fsent.host = hostname; - fsent.ttyn = ttyn; - fsent.caller = IA_SSHD; - fsent.flags = IA_INTERACTIVE; - fsent.ueptr = &ue; - fsent.jid = jid; - fsent.errcode = ia_mlsrcode; - fsent.pwdp = uret.pswd; - fsent.exitcode = 1; - fret.revision = 0; - fret.normal = 0; - - /* - * Call ia_failure because of an IA failure. - * There is no return because ia_failure exits. - */ - ia_failure(&fsent,&fret); - exit(1); - } - - /* Provide login status information */ - if (options.print_lastlog && ue.ue_logtime != 0) { - printf("Last successful login was : %.*s ", 19, - (char *)ctime(&ue.ue_logtime)); - - if (*ue.ue_loghost != '\0') { - printf("from %.*s\n", sizeof(ue.ue_loghost), - ue.ue_loghost); - } else { - printf("on %.*s\n", sizeof(ue.ue_logline), - ue.ue_logline); - } - - if (SecureSys && (ue.ue_logfails != 0)) { - printf(" followed by %d failed attempts\n", - ue.ue_logfails); - } - } - - /* - * Call ia_success to process successful I/A. 
- */ - ssent.revision = 0; - ssent.uname = username; - ssent.host = hostname; - ssent.ttyn = ttyn; - ssent.caller = IA_SSHD; - ssent.flags = IA_INTERACTIVE; - ssent.ueptr = &ue; - ssent.jid = jid; - ssent.errcode = ia_rcode; - ssent.us = NULL; - ssent.time = 1; /* Set ue_logtime */ - - sret.revision = 0; - sret.normal = 0; - - ia_success(&ssent, &sret); - - /* - * Query for account, iff > 1 valid acid & askacid permbit - */ - if (((ue.ue_permbits & PERMBITS_ACCTID) || - (ue.ue_acids[0] >= 0) && (ue.ue_acids[1] >= 0)) && - ue.ue_permbits & PERMBITS_ASKACID) { - if (ttyname(0) != NULL) { - debug("cray_setup: ttyname true case, %.100s", ttyname); - while (valid_acct == -1) { - printf("Account (? for available accounts)" - " [%s]: ", acid2nam(ue.ue_acids[0])); - fgets(acct_name, MAXACID, stdin); - switch (acct_name[0]) { - case EOF: - exit(0); - break; - case '\0': - valid_acct = ue.ue_acids[0]; - strlcpy(acct_name, acid2nam(valid_acct), MAXACID); - break; - case '?': - /* Print the list 3 wide */ - for (i = 0, j = 0; i < MAXVIDS; i++) { - if (ue.ue_acids[i] == -1) { - printf("\n"); - break; - } - if (++j == 4) { - j = 1; - printf("\n"); - } - printf(" %s", - acid2nam(ue.ue_acids[i])); - } - if (ue.ue_permbits & PERMBITS_ACCTID) { - printf("\"acctid\" permbit also allows" - " you to select any valid " - "account name.\n"); - } - printf("\n"); - break; - default: - valid_acct = nam2acid(acct_name); - if (valid_acct == -1) - printf( - "Account id not found for" - " account name \"%s\"\n\n", - acct_name); - break; - } - /* - * If an account was given, search the user's - * acids array to verify they can use this account. 
- */ - if ((valid_acct != -1) && - !(ue.ue_permbits & PERMBITS_ACCTID)) { - for (i = 0; i < MAXVIDS; i++) { - if (ue.ue_acids[i] == -1) - break; - if (valid_acct == ue.ue_acids[i]) - break; - } - if (i == MAXVIDS || - ue.ue_acids[i] == -1) { - fprintf(stderr, "Cannot set" - " account name to " - "\"%s\", permission " - "denied\n\n", acct_name); - valid_acct = -1; - } - } - } - } else { - /* - * The client isn't connected to a terminal and can't - * respond to an acid prompt. Use default acid. - */ - debug("cray_setup: ttyname false case, %.100s", - ttyname); - valid_acct = ue.ue_acids[0]; - } - } else { - /* - * The user doesn't have the askacid permbit set or - * only has one valid account to use. - */ - valid_acct = ue.ue_acids[0]; - } - if (acctid(0, valid_acct) < 0) { - printf ("Bad account id: %d\n", valid_acct); - exit(1); - } - - /* - * Now set shares, quotas, limits, including CPU time for the - * (interactive) job and process, and set up permissions - * (for chown etc), etc. - */ - if (setshares(ue.ue_uid, valid_acct, printf, 0, 0)) { - printf("Unable to give %d shares to <%s>(%d/%d)\n", - ue.ue_shares, ue.ue_name, ue.ue_uid, valid_acct); - exit(1); - } - - sr = setlimits(username, C_PROC, pid, UDBRC_INTER); - if (sr != NULL) { - debug("%.200s", sr); - exit(1); - } - sr = setlimits(username, C_JOB, jid, UDBRC_INTER); - if (sr != NULL) { - debug("%.200s", sr); - exit(1); - } - /* - * Place the service provider information into - * the session table (Unicos) or job table (Unicos/mk). - * There exist double defines for the job/session table in - * unicos/mk (jtab.h) so no need for a compile time switch. - */ - memset(&init_info, '\0', sizeof(init_info)); - init_info.s_sessinit.si_id = URM_SPT_LOGIN; - init_info.s_sessinit.si_pid = getpid(); - init_info.s_sessinit.si_sid = jid; - sesscntl(0, S_SETSERVPO, (int)&init_info); - - /* - * Set user and controlling tty security attributes. 
- */ - if (SecureSys) { - if (setusrv(&usrv) == -1) { - debug("setusrv() failed, errno = %d",errno); - exit(1); - } - } - - return (0); -} - -/* - * The rc.* and /etc/sdaemon methods of starting a program on unicos/unicosmk - * can have pal privileges that sshd can inherit which - * could allow a user to su to root with out a password. - * This subroutine clears all privileges. - */ -void -drop_cray_privs() -{ -#if defined(_SC_CRAY_PRIV_SU) - priv_proc_t *privstate; - int result; - extern int priv_set_proc(); - extern priv_proc_t *priv_init_proc(); - - /* - * If ether of theses two flags are not set - * then don't allow this version of ssh to run. - */ - if (!sysconf(_SC_CRAY_PRIV_SU)) - fatal("Not PRIV_SU system."); - if (!sysconf(_SC_CRAY_POSIX_PRIV)) - fatal("Not POSIX_PRIV."); - - debug("Setting MLS labels.");; - - if (sysconf(_SC_CRAY_SECURE_MAC)) { - usrv.sv_minlvl = SYSLOW; - usrv.sv_actlvl = SYSHIGH; - usrv.sv_maxlvl = SYSHIGH; - } else { - usrv.sv_minlvl = sysv.sy_minlvl; - usrv.sv_actlvl = sysv.sy_minlvl; - usrv.sv_maxlvl = sysv.sy_maxlvl; - } - usrv.sv_actcmp = 0; - usrv.sv_valcmp = sysv.sy_valcmp; - - usrv.sv_intcat = TFM_SYSTEM; - usrv.sv_valcat |= (TFM_SYSTEM | TFM_SYSFILE); - - if (setusrv(&usrv) < 0) { - fatal("%s(%d): setusrv(): %s", __FILE__, __LINE__, - strerror(errno)); - } - - if ((privstate = priv_init_proc()) != NULL) { - result = priv_set_proc(privstate); - if (result != 0 ) { - fatal("%s(%d): priv_set_proc(): %s", - __FILE__, __LINE__, strerror(errno)); - } - priv_free_proc(privstate); - } - debug ("Privileges should be cleared..."); -#else - /* XXX: do this differently */ -# error Cray systems must be run with _SC_CRAY_PRIV_SU on! -#endif -} - - -/* - * Retain utmp/wtmp information - used by cray accounting. 
- */ -void -cray_retain_utmp(struct utmp *ut, int pid) -{ - int fd; - struct utmp utmp; - - if ((fd = open(UTMP_FILE, O_RDONLY)) != -1) { - /* XXX use atomicio */ - while (read(fd, (char *)&utmp, sizeof(utmp)) == sizeof(utmp)) { - if (pid == utmp.ut_pid) { - ut->ut_jid = utmp.ut_jid; - strncpy(ut->ut_tpath, utmp.ut_tpath, sizeof(utmp.ut_tpath)); - strncpy(ut->ut_host, utmp.ut_host, sizeof(utmp.ut_host)); - strncpy(ut->ut_name, utmp.ut_name, sizeof(utmp.ut_name)); - break; - } - } - close(fd); - } else - fatal("Unable to open utmp file"); -} - -/* - * tmpdir support. - */ - -/* - * find and delete jobs tmpdir. - */ -void -cray_delete_tmpdir(char *login, int jid, uid_t uid) -{ - static char jtmp[TPATHSIZ]; - struct stat statbuf; - int child, c, wstat; - - for (c = 'a'; c <= 'z'; c++) { - snprintf(jtmp, TPATHSIZ, "%s/jtmp.%06d%c", JTMPDIR, jid, c); - if (stat(jtmp, &statbuf) == 0 && statbuf.st_uid == uid) - break; - } - - if (c > 'z') - return; - - if ((child = fork()) == 0) { - execl(CLEANTMPCMD, CLEANTMPCMD, login, jtmp, (char *)NULL); - fatal("cray_delete_tmpdir: execl of CLEANTMPCMD failed"); - } - - while (waitpid(child, &wstat, 0) == -1 && errno == EINTR) - ; -} - -/* - * Remove tmpdir on job termination. - */ -void -cray_job_termination_handler(int sig) -{ - int jid; - char *login = NULL; - struct jtab jtab; - - if ((jid = waitjob(&jtab)) == -1 || - (login = uid2nam(jtab.j_uid)) == NULL) - return; - - cray_delete_tmpdir(login, jid, jtab.j_uid); -} - -/* - * Set job id and create tmpdir directory. 
- */ -void -cray_init_job(struct passwd *pw) -{ - int jid; - int c; - - jid = setjob(pw->pw_uid, WJSIGNAL); - if (jid < 0) - fatal("System call setjob failure"); - - for (c = 'a'; c <= 'z'; c++) { - snprintf(cray_tmpdir, TPATHSIZ, "%s/jtmp.%06d%c", JTMPDIR, jid, c); - if (mkdir(cray_tmpdir, JTMPMODE) != 0) - continue; - if (chown(cray_tmpdir, pw->pw_uid, pw->pw_gid) != 0) { - rmdir(cray_tmpdir); - continue; - } - break; - } - - if (c > 'z') - cray_tmpdir[0] = '\0'; -} - -void -cray_set_tmpdir(struct utmp *ut) -{ - int jid; - struct jtab jbuf; - - if ((jid = getjtab(&jbuf)) < 0) - return; - - /* - * Set jid and tmpdir in utmp record. - */ - ut->ut_jid = jid; - strncpy(ut->ut_tpath, cray_tmpdir, TPATHSIZ); -} -#endif /* UNICOS */ - -#ifdef _UNICOSMP -#include -/* - * Set job id and create tmpdir directory. - */ -void -cray_init_job(struct passwd *pw) -{ - initrm_silent(pw->pw_uid); - return; -} -#endif /* _UNICOSMP */ diff --git a/openbsd-compat/bsd-cray.h b/openbsd-compat/bsd-cray.h deleted file mode 100644 index ca626a021..000000000 --- a/openbsd-compat/bsd-cray.h +++ /dev/null 
@@ -1,59 +0,0 @@ -/* - * Copyright (c) 2002, Cray Inc. (Wendy Palm ) - * Significant portions provided by - * Wayne Schroeder, SDSC - * William Jones, UTexas - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - * - * Created: Apr 22 16.34:00 2002 wp - * - * This file contains functions required for proper execution - * on UNICOS systems. 
- * - */ - -#ifndef _BSD_CRAY_H -#define _BSD_CRAY_H - -#ifdef _UNICOS - -void cray_init_job(struct passwd *); -void cray_job_termination_handler(int); -void cray_login_failure(char *, int ); -int cray_access_denied(char *); -extern char cray_tmpdir[]; - -#define CUSTOM_FAILED_LOGIN 1 - -#ifndef IA_SSHD -# define IA_SSHD IA_LOGIN -#endif -#ifndef MAXHOSTNAMELEN -# define MAXHOSTNAMELEN 64 -#endif -#ifndef _CRAYT3E -# define TIOCGPGRP (tIOC|20) -#endif - -#endif /* UNICOS */ - -#endif /* _BSD_CRAY_H */ diff --git a/openbsd-compat/bsd-openpty.c b/openbsd-compat/bsd-openpty.c index b28235860..48fb6059e 100644 --- a/openbsd-compat/bsd-openpty.c +++ b/openbsd-compat/bsd-openpty.c @@ -147,17 +147,6 @@ openpty(int *amaster, int *aslave, char *name, struct termios *termp, } return (0); -#elif defined(_UNICOS) - char ptbuf[64], ttbuf[64]; - int i; - int highpty; - - highpty = 128; -#ifdef _SC_CRAY_NPTY - if ((highpty = sysconf(_SC_CRAY_NPTY)) == -1) - highpty = 128; -#endif /* _SC_CRAY_NPTY */ - for (i = 0; i < highpty; i++) { snprintf(ptbuf, sizeof(ptbuf), "/dev/pty/%03d", i); snprintf(ttbuf, sizeof(ttbuf), "/dev/ttyp%03d", i); diff --git a/openbsd-compat/openbsd-compat.h b/openbsd-compat/openbsd-compat.h index c7f660609..8155a0dd7 100644 --- a/openbsd-compat/openbsd-compat.h +++ b/openbsd-compat/openbsd-compat.h @@ -316,7 +316,6 @@ char *shadow_pw(struct passwd *pw); #include "fake-rfc2553.h" /* Routines for a single OS platform */ -#include "bsd-cray.h" #include "bsd-cygwin_util.h" #include "port-aix.h" diff --git a/session.c b/session.c index e93012679..51c5ea0ec 100644 --- a/session.c +++ b/session.c @@ -450,11 +450,6 @@ do_exec_no_pty(struct ssh *ssh, Session *s, const char *command) close(err[0]); #endif - -#ifdef _UNICOS - cray_init_job(s->pw); /* set up cray jid and tmpdir */ -#endif - /* Do processing for the child (exec command etc). */ do_child(ssh, s, command); /* NOTREACHED */ 
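Review bot: In the bsd-openpty.c hunk, the declarations of `ptbuf`, `ttbuf`, `i` and `highpty` are deleted together with the `#elif defined(_UNICOS)` line, but the `for (i = 0; i < highpty; i++)` loop that uses them survives as context directly after `return (0);`. As far as the hunk shows, that loop now belongs to the preceding preprocessor branch, where it is unreachable and refers to undeclared names, so any platform that compiles that branch would fail to build. The remainder of the UNICOS loop should be deleted in the same change; where it ends is outside the hunk.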
@@ -462,9 +457,6 @@ do_exec_no_pty(struct ssh *ssh, Session *s, const char *command) break; } -#ifdef _UNICOS - signal(WJSIGNAL, cray_job_termination_handler); -#endif /* _UNICOS */ #ifdef HAVE_CYGWIN cygwin_set_impersonation_token(INVALID_HANDLE_VALUE); #endif @@ -576,9 +568,6 @@ do_exec_pty(struct ssh *ssh, Session *s, const char *command) close(ttyfd); /* record login, etc. similar to login(1) */ -#ifdef _UNICOS - cray_init_job(s->pw); /* set up cray jid and tmpdir */ -#endif /* _UNICOS */ #ifndef HAVE_OSF_SIA do_login(ssh, s, command); #endif @@ -592,9 +581,6 @@ do_exec_pty(struct ssh *ssh, Session *s, const char *command) break; } -#ifdef _UNICOS - signal(WJSIGNAL, cray_job_termination_handler); -#endif /* _UNICOS */ #ifdef HAVE_CYGWIN cygwin_set_impersonation_token(INVALID_HANDLE_VALUE); #endif @@ -1080,11 +1066,6 @@ do_setup_env(struct ssh *ssh, Session *s, const char *shell) child_set_env(&env, &envsize, "SSH_ORIGINAL_COMMAND", original_command); -#ifdef _UNICOS - if (cray_tmpdir[0] != '\0') - child_set_env(&env, &envsize, "TMPDIR", cray_tmpdir); -#endif /* _UNICOS */ - /* * Since we clear KRB5CCNAME at startup, if it's set now then it * must have been set by a native authentication method (eg AIX or @@ -1485,10 +1466,6 @@ do_child(struct ssh *ssh, Session *s, const char *command) exit(1); } -#ifdef _UNICOS - cray_setup(pw->pw_uid, pw->pw_name, command); -#endif /* _UNICOS */ - /* * Login(1) does this as well, and it needs uid 0 for the "-h" * switch, so we let login(1) to this for us. diff --git a/sshd.c b/sshd.c index 17931068d..7466d5a44 100644 --- a/sshd.c +++ b/sshd.c @@ -1602,13 +1602,6 @@ main(int ac, char **av) if (getenv("KRB5CCNAME") != NULL) (void) unsetenv("KRB5CCNAME"); -#ifdef _UNICOS - /* Cray can define user privs drop all privs now! - * Not needed on PRIV_SU systems! - */ - drop_cray_privs(); -#endif - sensitive_data.have_ssh2_key = 0; /* diff --git a/sshpty.c b/sshpty.c index fe2fb5aa2..4da84d05f 100644 --- a/sshpty.c +++ b/sshpty.c 
@@ -100,30 +100,6 @@ pty_make_controlling_tty(int *ttyfd, const char *tty) { int fd; -#ifdef _UNICOS - if (setsid() < 0) - error("setsid: %.100s", strerror(errno)); - - fd = open(tty, O_RDWR|O_NOCTTY); - if (fd != -1) { - signal(SIGHUP, SIG_IGN); - ioctl(fd, TCVHUP, (char *)NULL); - signal(SIGHUP, SIG_DFL); - setpgid(0, 0); - close(fd); - } else { - error("Failed to disconnect from controlling tty."); - } - - debug("Setting controlling tty using TCSETCTTY."); - ioctl(*ttyfd, TCSETCTTY, NULL); - fd = open("/dev/tty", O_RDWR); - if (fd < 0) - error("%.100s: %.100s", tty, strerror(errno)); - close(*ttyfd); - *ttyfd = fd; -#else /* _UNICOS */ - /* First disconnect from the old controlling tty. */ #ifdef TIOCNOTTY fd = open(_PATH_TTY, O_RDWR | O_NOCTTY); @@ -167,7 +143,6 @@ pty_make_controlling_tty(int *ttyfd, const char *tty) strerror(errno)); else close(fd); -#endif /* _UNICOS */ } /* Changes the window size associated with the pty. */ -- cgit v1.2.3 From 265d88d4e61e352de6791733c8b29fa3d7d0c26d Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Thu, 15 Feb 2018 20:06:19 +1100 Subject: Remove remaining now-obsolete cvs $Ids. --- Makefile.in | 2 -- configure.ac | 1 - contrib/aix/README | 1 - contrib/aix/buildbff.sh | 1 - contrib/aix/inventory.sh | 1 - contrib/findssl.sh | 2 -- mdoc2man.awk | 2 -- mkinstalldirs | 2 -- openbsd-compat/Makefile.in | 2 -- openbsd-compat/regress/Makefile.in | 2 -- regress/README.regress | 2 -- 11 files changed, 18 deletions(-) (limited to 'openbsd-compat') diff --git a/Makefile.in b/Makefile.in index 030f19654..158a0e284 100644 --- a/Makefile.in +++ b/Makefile.in @@ -1,5 +1,3 @@ -# $Id: Makefile.in,v 1.365 2014/08/30 06:23:07 djm Exp $ - # uncomment if you run a non bourne compatable shell. Ie. csh #SHELL = @SH@ diff --git a/configure.ac b/configure.ac index 38600e321..112cf5ae8 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,3 @@ -# $Id: configure.ac,v 1.583 2014/08/26 20:32:01 djm Exp $ # # Copyright (c) 1999-2004 Damien Miller # 
diff --git a/contrib/aix/README b/contrib/aix/README index 4a11ae703..1aa591978 100644 --- a/contrib/aix/README +++ b/contrib/aix/README @@ -47,4 +47,3 @@ you get to keep both pieces. - Darren Tucker (dtucker at zip dot com dot au) 2002/03/01 -$Id: README,v 1.4 2003/08/25 05:01:04 dtucker Exp $ diff --git a/contrib/aix/buildbff.sh b/contrib/aix/buildbff.sh index 81d8cc301..00b384dc7 100755 --- a/contrib/aix/buildbff.sh +++ b/contrib/aix/buildbff.sh @@ -1,7 +1,6 @@ #!/bin/sh # # buildbff.sh: Create AIX SMIT-installable OpenSSH packages -# $Id: buildbff.sh,v 1.13 2011/05/05 03:48:41 djm Exp $ # # Author: Darren Tucker (dtucker at zip dot com dot au) # This file is placed in the public domain and comes with absolutely diff --git a/contrib/aix/inventory.sh b/contrib/aix/inventory.sh index e2641e79c..7d76f4971 100755 --- a/contrib/aix/inventory.sh +++ b/contrib/aix/inventory.sh @@ -1,7 +1,6 @@ #!/bin/sh # # inventory.sh -# $Id: inventory.sh,v 1.6 2003/11/21 12:48:56 djm Exp $ # # Originally written by Ben Lindstrom, modified by Darren Tucker to use perl # This file is placed into the public domain. diff --git a/contrib/findssl.sh b/contrib/findssl.sh index 263fd2644..95a0d66df 100644 --- a/contrib/findssl.sh +++ b/contrib/findssl.sh @@ -1,7 +1,5 @@ #!/bin/sh # -# $Id: findssl.sh,v 1.4 2007/02/19 11:44:25 dtucker Exp $ -# # findssl.sh # Search for all instances of OpenSSL headers and libraries # and print their versions. diff --git a/mdoc2man.awk b/mdoc2man.awk index 3e8725452..d393ae6f1 100644 --- a/mdoc2man.awk +++ b/mdoc2man.awk @@ -1,7 +1,5 @@ #!/usr/bin/awk # -# $Id: mdoc2man.awk,v 1.9 2009/10/24 00:52:42 dtucker Exp $ -# # Version history: # v4+ Adapted for OpenSSH Portable (see cvs Id and history) # v3, I put the program under a proper license diff --git a/mkinstalldirs b/mkinstalldirs index 47d5f43fe..399f40925 100755 --- a/mkinstalldirs +++ b/mkinstalldirs 
@@ -4,8 +4,6 @@ # Created: 1993-05-16 # Public domain -# $Id: mkinstalldirs,v 1.2 2003/11/21 12:48:55 djm Exp $ - errstatus=0 for file diff --git a/openbsd-compat/Makefile.in b/openbsd-compat/Makefile.in index 62dbf8566..053f2ef2a 100644 --- a/openbsd-compat/Makefile.in +++ b/openbsd-compat/Makefile.in @@ -1,5 +1,3 @@ -# $Id: Makefile.in,v 1.56 2014/09/30 23:43:08 djm Exp $ - sysconfdir=@sysconfdir@ piddir=@piddir@ srcdir=@srcdir@ diff --git a/openbsd-compat/regress/Makefile.in b/openbsd-compat/regress/Makefile.in index dabdb0912..529331be5 100644 --- a/openbsd-compat/regress/Makefile.in +++ b/openbsd-compat/regress/Makefile.in @@ -1,5 +1,3 @@ -# $Id: Makefile.in,v 1.5 2014/06/17 13:06:08 dtucker Exp $ - sysconfdir=@sysconfdir@ piddir=@piddir@ srcdir=@srcdir@ diff --git a/regress/README.regress b/regress/README.regress index 9b99bdacb..867855017 100644 --- a/regress/README.regress +++ b/regress/README.regress @@ -100,5 +100,3 @@ Known Issues. - Recent GNU coreutils deprecate "head -[n]": this will cause the yes-head test to fail. The old behaviour can be restored by setting (and exporting) _POSIX2_VERSION=199209 before running the tests. - -$Id: README.regress,v 1.12 2011/05/05 03:48:42 djm Exp $ -- cgit v1.2.3 From f6dc2ba3c9d12be53057b9371f5109ec553a399f Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 16 Feb 2018 17:32:28 +1100 Subject: freezero should check for NULL. --- openbsd-compat/freezero.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'openbsd-compat') diff --git a/openbsd-compat/freezero.c b/openbsd-compat/freezero.c index ca5de785b..90b9d3813 100644 --- a/openbsd-compat/freezero.c +++ b/openbsd-compat/freezero.c @@ -23,6 +23,8 @@ void freezero(void *ptr, size_t sz) { + if (ptr == NULL) + return; explicit_bzero(ptr, sz); free(ptr); } -- cgit v1.2.3 From a9004425a032d7a7141a5437cfabfd02431e2a74 Mon Sep 17 00:00:00 2001 
From: Darren Tucker Date: Sat, 24 Feb 2018 20:25:22 +1100 Subject: Check for bzero and supply if needed. Since explicit_bzero uses it via an indirect it needs to be a function not just a macro. --- configure.ac | 3 +++ openbsd-compat/bsd-misc.c | 8 ++++++++ openbsd-compat/bsd-misc.h | 4 ++++ 3 files changed, 15 insertions(+) (limited to 'openbsd-compat') diff --git a/configure.ac b/configure.ac index e81e3eccd..e23540e63 100644 --- a/configure.ac +++ b/configure.ac @@ -1695,6 +1695,7 @@ AC_CHECK_FUNCS([ \ bcrypt_pbkdf \ bindresvport_sa \ blf_enc \ + bzero \ cap_rights_limit \ clock \ closefrom \ @@ -1800,6 +1801,8 @@ AC_CHECK_FUNCS([ \ warn \ ]) +AC_CHECK_DECLS([bzero]) + dnl Wide character support. AC_CHECK_FUNCS([mblen mbtowc nl_langinfo wcwidth]) diff --git a/openbsd-compat/bsd-misc.c b/openbsd-compat/bsd-misc.c index 9f6dc8af2..3e8f74b72 100644 --- a/openbsd-compat/bsd-misc.c +++ b/openbsd-compat/bsd-misc.c @@ -282,3 +282,11 @@ llabs(long long j) return (j < 0 ? -j : j); } #endif + +#ifndef HAVE_BZERO +void +bzero(void *b, size_t n) +{ + (void)memset(b, 0, n); +} +#endif diff --git a/openbsd-compat/bsd-misc.h b/openbsd-compat/bsd-misc.h index 2cfd5dae6..bf5fad188 100644 --- a/openbsd-compat/bsd-misc.h +++ b/openbsd-compat/bsd-misc.h @@ -133,4 +133,8 @@ void warn(const char *, ...) __attribute__((format(printf, 1, 2))); long long llabs(long long); #endif +#ifndef HAVE_DECL_BZERO +void bzero(void *, size_t); +#endif + #endif /* _BSD_MISC_H */ -- cgit v1.2.3 From 6c8c9a615b6d31db8a87bc25033f053d5b0a831e Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sat, 24 Feb 2018 20:46:37 +1100 Subject: Check for raise and supply if needed. --- configure.ac | 1 + openbsd-compat/bsd-misc.c | 8 ++++++++ openbsd-compat/bsd-misc.h | 4 ++++ 3 files changed, 13 insertions(+) (limited to 'openbsd-compat') diff --git a/configure.ac b/configure.ac index e23540e63..7342dcb77 100644 --- a/configure.ac +++ b/configure.ac 
@@ -1744,6 +1744,7 @@ AC_CHECK_FUNCS([ \ poll \ prctl \ pstat \ + raise \ readpassphrase \ reallocarray \ recvmsg \ diff --git a/openbsd-compat/bsd-misc.c b/openbsd-compat/bsd-misc.c index 3e8f74b72..af58f3bd2 100644 --- a/openbsd-compat/bsd-misc.c +++ b/openbsd-compat/bsd-misc.c @@ -290,3 +290,11 @@ bzero(void *b, size_t n) (void)memset(b, 0, n); } #endif + +#ifndef HAVE_RAISE +int +raise(int sig) +{ + kill(getpid(), sig); +} +#endif diff --git a/openbsd-compat/bsd-misc.h b/openbsd-compat/bsd-misc.h index bf5fad188..3cb912d28 100644 --- a/openbsd-compat/bsd-misc.h +++ b/openbsd-compat/bsd-misc.h @@ -137,4 +137,8 @@ long long llabs(long long); void bzero(void *, size_t); #endif +#ifndef HAVE_RAISE +int raise(int); +#endif + #endif /* _BSD_MISC_H */ -- cgit v1.2.3 From 2eb4041493fd2635ffdc64a852d02b38c4955e0b Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sat, 24 Feb 2018 21:06:48 +1100 Subject: Add prototype for readv if needed. --- configure.ac | 2 +- openbsd-compat/openbsd-compat.h | 10 +++++++++- 2 files changed, 10 insertions(+), 2 deletions(-) (limited to 'openbsd-compat') diff --git a/configure.ac b/configure.ac index 7342dcb77..03cc3f869 100644 --- a/configure.ac +++ b/configure.ac @@ -1908,7 +1908,7 @@ AC_CHECK_DECLS([O_NONBLOCK], , , #endif ]) -AC_CHECK_DECLS([writev], , , [ +AC_CHECK_DECLS([readv, writev], , , [ #include #include #include diff --git a/openbsd-compat/openbsd-compat.h b/openbsd-compat/openbsd-compat.h index 8155a0dd7..b48fb9342 100644 --- a/openbsd-compat/openbsd-compat.h +++ b/openbsd-compat/openbsd-compat.h 
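Review bot: The replacement `raise()` added to bsd-misc.c is declared `int` but falls off the end without returning a value, so a caller that checks the result reads an indeterminate value, which is undefined behaviour in C. Return the result of the call instead: `return kill(getpid(), sig);`. That also passes a kill() failure back to the caller instead of hiding it.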
@@ -170,10 +170,18 @@ int BSDgetopt(int argc, char * const *argv, const char *opts); #include "openbsd-compat/getopt.h" #endif -#if defined(HAVE_DECL_WRITEV) && HAVE_DECL_WRITEV == 0 +#if ((defined(HAVE_DECL_READV) && HAVE_DECL_READV == 0) || \ + (defined(HAVE_DECL_WRITEV) && HAVE_DECL_WRITEV == 0)) # include # include + +# if defined(HAVE_DECL_READV) && HAVE_DECL_READV == 0 +int readv(int, struct iovec *, int); +# endif + +# if defined(HAVE_DECL_WRITEV) && HAVE_DECL_WRITEV == 0 int writev(int, struct iovec *, int); +# endif #endif /* Home grown routines */ -- cgit v1.2.3 From e9dede06e5bc582a4aeb5b1cd5a7a640d7de3609 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sun, 25 Feb 2018 10:20:31 +1100 Subject: Handle calloc(0,x) where different from malloc. Configure assumes that if malloc(0) returns null then calloc(0,n) also does. On some old platforms (SunOS4) malloc behaves as expected (as determined by AC_FUNC_MALLOC) but calloc doesn't. Test for this at configure time and activate the replacement function if found, plus handle this case in rpl_calloc. --- configure.ac | 19 +++++++++++++++++-- openbsd-compat/bsd-malloc.c | 2 ++ 2 files changed, 19 insertions(+), 2 deletions(-) (limited to 'openbsd-compat') diff --git a/configure.ac b/configure.ac index 03cc3f869..605844ba2 100644 --- a/configure.ac +++ b/configure.ac 
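Review bot: The fallback prototype `int readv(int, struct iovec *, int);` does not match the POSIX signature, which returns `ssize_t` and takes `const struct iovec *`; the existing `writev` prototype has the same mismatch. Where `ssize_t` is wider than `int`, calling the libc function through the `int` declaration is undefined behaviour and can corrupt the returned byte count that callers compare against -1. Suggest `ssize_t readv(int, const struct iovec *, int);` and the same for `writev`, assuming the affected platforms provide `ssize_t` (not visible in this hunk).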
@@ -1337,8 +1337,23 @@ AC_FUNC_STRFTIME AC_FUNC_MALLOC AC_FUNC_REALLOC # autoconf doesn't have AC_FUNC_CALLOC so fake it if malloc returns NULL; -if test "x$ac_cv_func_malloc_0_nonnull" != "xyes"; then - AC_DEFINE(HAVE_CALLOC, 0, [calloc(x, 0) returns NULL]) +AC_MSG_CHECKING([if calloc(0, N) returns non-null]) +AC_RUN_IFELSE( + [AC_LANG_PROGRAM( + [[ #include ]], + [[ void *p = calloc(0, 1); exit(p == NULL); ]] + )], + [ func_calloc_0_nonnull=yes ], + [ func_calloc_0_nonnull=no ], + [ AC_MSG_WARN([cross compiling: assuming same as malloc]) + func_calloc_0_nonnull="$ac_cv_func_malloc_0_nonnull"] +) +AC_MSG_RESULT([$func_calloc_0_nonnull]) + +if test "x$func_calloc_0_nonnull" == "xyes"; then + AC_DEFINE(HAVE_CALLOC, 1, [calloc(0, x) returns non-null]) +else + AC_DEFINE(HAVE_CALLOC, 0, [calloc(0, x) returns NULL]) AC_DEFINE(calloc, rpl_calloc, [Define to rpl_calloc if the replacement function should be used.]) fi diff --git a/openbsd-compat/bsd-malloc.c b/openbsd-compat/bsd-malloc.c index 6402ab588..482facdc9 100644 --- a/openbsd-compat/bsd-malloc.c +++ b/openbsd-compat/bsd-malloc.c @@ -50,6 +50,8 @@ rpl_realloc(void *ptr, size_t size) { if (size == 0) size = 1; + if (ptr == 0) + return malloc(size); return realloc(ptr, size); } #endif -- cgit v1.2.3 From 11057564eb6ab8fd987de50c3d7f394c6f6632b7 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sun, 25 Feb 2018 11:22:57 +1100 Subject: bsd-statvfs: include sys/vfs.h, check for f_flags. --- configure.ac | 18 ++++++++++++++++++ openbsd-compat/bsd-statvfs.c | 8 ++++++++ openbsd-compat/bsd-statvfs.h | 3 +++ 3 files changed, 29 insertions(+) (limited to 'openbsd-compat') diff --git a/configure.ac b/configure.ac index 605844ba2..e9762ba68 100644 --- a/configure.ac +++ b/configure.ac @@ -409,6 +409,7 @@ AC_CHECK_HEADERS([ \ sys/sysmacros.h \ sys/time.h \ sys/timers.h \ + sys/vfs.h \ time.h \ tmpdir.h \ ttyent.h \ 
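Review bot: The new `if test "x$func_calloc_0_nonnull" == "xyes"; then` uses `==`, which POSIX `test` does not define, and some /bin/sh implementations reject it. The old platforms this probe targets are the ones most likely to have such a shell. If the comparison errors out, the `else` branch runs and `calloc` is redirected to `rpl_calloc` regardless of what the probe found. Use `if test "x$func_calloc_0_nonnull" = "xyes"; then`. The comment above the check still says "fake it if malloc returns NULL", although the result now comes from a calloc probe, and should be updated to match.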
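Review bot: The commit message says the calloc(0, N) case is handled in rpl_calloc, but the bsd-malloc.c hunk changes `rpl_realloc`, adding a path that calls `malloc(size)` when the pointer is null; no rpl_calloc change is visible in this file section. If the realloc(NULL, n) handling is intended, the description should say so and the new branch should carry a comment such as `/* realloc(NULL, n) is not handled by some old libcs */` (reason presumed, to be confirmed by the author). For the pointer comparison prefer `if (ptr == NULL)` over `ptr == 0`, as the freezero change earlier in the series does.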
@@ -3659,6 +3660,23 @@ AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t], , , [ #endif ]) +AC_CHECK_MEMBERS([struct statfs.f_flags], [], [], [[ +#include +#ifdef HAVE_SYS_BITYPES_H +#include +#endif +#ifdef HAVE_SYS_STATFS_H +#include +#endif +#ifdef HAVE_SYS_STATVFS_H +#include +#endif +#ifdef HAVE_SYS_VFS_H +#include +#endif +]]) + + AC_CHECK_TYPES([in_addr_t, in_port_t], , , [#include #include ]) diff --git a/openbsd-compat/bsd-statvfs.c b/openbsd-compat/bsd-statvfs.c index 458dbe89c..e3bd87d98 100644 --- a/openbsd-compat/bsd-statvfs.c +++ b/openbsd-compat/bsd-statvfs.c @@ -25,6 +25,10 @@ #include +#ifndef MNAMELEN +# define MNAMELEN 32 +#endif + static void copy_statfs_to_statvfs(struct statvfs *to, struct statfs *from) { @@ -37,7 +41,11 @@ copy_statfs_to_statvfs(struct statvfs *to, struct statfs *from) to->f_ffree = from->f_ffree; to->f_favail = from->f_ffree; /* no exact equivalent */ to->f_fsid = 0; /* XXX fix me */ +#ifdef HAVE_STRUCT_STATFS_F_FLAGS to->f_flag = from->f_flags; +#else + to->f_flag = 0; +#endif to->f_namemax = MNAMELEN; } diff --git a/openbsd-compat/bsd-statvfs.h b/openbsd-compat/bsd-statvfs.h index 815ec03b2..e2a4c15f7 100644 --- a/openbsd-compat/bsd-statvfs.h +++ b/openbsd-compat/bsd-statvfs.h @@ -26,6 +26,9 @@ #ifdef HAVE_SYS_STATFS_H #include #endif +#ifdef HAVE_SYS_VFS_H +#include +#endif #ifndef HAVE_FSBLKCNT_T typedef unsigned long fsblkcnt_t; -- cgit v1.2.3 From b39593a6de5290650a01adf8699c6460570403c2 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sun, 25 Feb 2018 13:25:15 +1100 Subject: Add no-op getsid implmentation. --- configure.ac | 1 + openbsd-compat/bsd-misc.c | 10 ++++++++++ openbsd-compat/bsd-misc.h | 4 ++++ 3 files changed, 15 insertions(+) (limited to 'openbsd-compat') diff --git a/configure.ac b/configure.ac index e9762ba68..f96c70bcd 100644 --- a/configure.ac +++ b/configure.ac @@ -1739,6 +1739,7 @@ AC_CHECK_FUNCS([ \ getpgrp \ _getpty \ getrlimit \ + getsid \ getttyent \ glob \ group_from_gid \ 
diff --git a/openbsd-compat/bsd-misc.c b/openbsd-compat/bsd-misc.c index af58f3bd2..a2f750558 100644 --- a/openbsd-compat/bsd-misc.c +++ b/openbsd-compat/bsd-misc.c @@ -298,3 +298,13 @@ raise(int sig) kill(getpid(), sig); } #endif + +#ifndef HAVE_GETSID +pid_t +getsid(pid_t pid) +{ + errno = ENOSYS; + return -1; +} +#endif + diff --git a/openbsd-compat/bsd-misc.h b/openbsd-compat/bsd-misc.h index 3cb912d28..af2ccdae2 100644 --- a/openbsd-compat/bsd-misc.h +++ b/openbsd-compat/bsd-misc.h @@ -141,4 +141,8 @@ void bzero(void *, size_t); int raise(int); #endif +#ifndef HAVE_GETSID +pid_t getsid(pid_t); +#endif + #endif /* _BSD_MISC_H */ -- cgit v1.2.3 From c7b5a47e3b9db9a0f0198f9c90c705f6307afc2b Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sun, 25 Feb 2018 23:55:41 +1100 Subject: Invert sense of getpgrp test. AC_FUNC_GETPGRP tests if getpgrp(0) works, which it does if it's not declared. Instead, test if the zero-arg version we want to use works. --- configure.ac | 12 ++++++++++-- openbsd-compat/bsd-misc.c | 2 +- 2 files changed, 11 insertions(+), 3 deletions(-) (limited to 'openbsd-compat') diff --git a/configure.ac b/configure.ac index f96c70bcd..d3deac832 100644 --- a/configure.ac +++ b/configure.ac @@ -1736,7 +1736,6 @@ AC_CHECK_FUNCS([ \ getpeereid \ getpeerucred \ getpgid \ - getpgrp \ _getpty \ getrlimit \ getsid \ @@ -2413,7 +2412,16 @@ static void sighandler(int sig) { _exit(1); } ) fi -AC_FUNC_GETPGRP +AC_CHECK_FUNCS([getpgrp],[ + AC_MSG_CHECKING([if getpgrp accepts zero args]) + AC_COMPILE_IFELSE( + [AC_LANG_PROGRAM([[$ac_includes_default]], [[ getpgrp(); ]])], + [ AC_MSG_RESULT([yes]) + AC_DEFINE([GETPGRP_VOID], [1], [getpgrp takes zero args])], + [ AC_MSG_RESULT([no]) + AC_DEFINE([GETPGRP_VOID], [0], [getpgrp takes one arg])] + ) +]) # Search for OpenSSL saved_CPPFLAGS="$CPPFLAGS" diff --git a/openbsd-compat/bsd-misc.c b/openbsd-compat/bsd-misc.c index a2f750558..f7187daf8 100644 --- a/openbsd-compat/bsd-misc.c +++ b/openbsd-compat/bsd-misc.c 
@@ -238,7 +238,7 @@ isblank(int c) pid_t getpgid(pid_t pid) { -#if defined(HAVE_GETPGRP) && !defined(GETPGRP_VOID) +#if defined(HAVE_GETPGRP) && !defined(GETPGRP_VOID) && GETPGRP_VOID == 0 return getpgrp(pid); #elif defined(HAVE_GETPGRP) if (pid == 0) -- cgit v1.2.3 From bda709b8e13d3eef19e69c2d1684139e3af728f5 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 26 Feb 2018 12:17:22 +1100 Subject: avoid inclusion of deprecated selinux/flask.h Use string_to_security_class() instead. --- openbsd-compat/port-linux.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) (limited to 'openbsd-compat') diff --git a/openbsd-compat/port-linux.c b/openbsd-compat/port-linux.c index e4c5d1b7c..8c5325cc3 100644 --- a/openbsd-compat/port-linux.c +++ b/openbsd-compat/port-linux.c @@ -33,7 +33,6 @@ #ifdef WITH_SELINUX #include -#include #include #ifndef SSH_SELINUX_UNCONFINED_TYPE @@ -139,6 +138,7 @@ ssh_selinux_setup_pty(char *pwname, const char *tty) security_context_t new_tty_ctx = NULL; security_context_t user_ctx = NULL; security_context_t old_tty_ctx = NULL; + security_class_t chrclass; if (!ssh_selinux_enabled()) return; @@ -153,9 +153,12 @@ ssh_selinux_setup_pty(char *pwname, const char *tty) error("%s: getfilecon: %s", __func__, strerror(errno)); goto out; } - + if ((chrclass = string_to_security_class("chr_file")) == 0) { + error("%s: couldn't get security class for chr_file", __func__); + goto out; + } if (security_compute_relabel(user_ctx, old_tty_ctx, - SECCLASS_CHR_FILE, &new_tty_ctx) != 0) { + chrclass, &new_tty_ctx) != 0) { error("%s: security_compute_relabel: %s", __func__, strerror(errno)); goto out; -- cgit v1.2.3 From b087998d1ba90dd1ddb6bfdb17873dc3e7392798 Mon Sep 17 00:00:00 2001 
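Review bot: The new condition `defined(HAVE_GETPGRP) && !defined(GETPGRP_VOID) && GETPGRP_VOID == 0` in getpgid() can no longer select the one-argument branch. The configure.ac change in the same commit defines GETPGRP_VOID to 0 or 1 whenever getpgrp exists, so `!defined(GETPGRP_VOID)` is false in every case where the value test matters. On a platform whose getpgrp takes a pid, the code then falls through to the `#elif defined(HAVE_GETPGRP)` branch, which as far as the hunk shows only handles `pid == 0`. The line should read `#if defined(HAVE_GETPGRP) && defined(GETPGRP_VOID) && GETPGRP_VOID == 0`. getpgid's body continues outside the hunk.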
From: Darren Tucker Date: Mon, 26 Feb 2018 14:27:02 +1100 Subject: Import flock() compat from NetBSD. From NetBSD's src/trunk/tools/compat/flock.c, no OpenSSH changes yet. --- openbsd-compat/bsd-flock.c | 76 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 76 insertions(+) create mode 100644 openbsd-compat/bsd-flock.c (limited to 'openbsd-compat') diff --git a/openbsd-compat/bsd-flock.c b/openbsd-compat/bsd-flock.c new file mode 100644 index 000000000..4a51ebe13 --- /dev/null +++ b/openbsd-compat/bsd-flock.c 
@@ -0,0 +1,76 @@ +/* $NetBSD: flock.c,v 1.6 2008/04/28 20:24:12 martin Exp $ */ + +/*- + * Copyright (c) 2001 The NetBSD Foundation, Inc. + * All rights reserved. + * + * This code is derived from software contributed to The NetBSD Foundation + * by Todd Vierling. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ + +/* + * Emulate flock() with fcntl(), where available. + * Otherwise, don't do locking; just pretend success. 
+ */ + +#include "nbtool_config.h" + +#if !HAVE_FLOCK +#include +#include + +int flock(int fd, int op) { + int rc = 0; + +#if defined(F_SETLK) && defined(F_SETLKW) + struct flock fl = {0}; + + switch (op & (LOCK_EX|LOCK_SH|LOCK_UN)) { + case LOCK_EX: + fl.l_type = F_WRLCK; + break; + + case LOCK_SH: + fl.l_type = F_RDLCK; + break; + + case LOCK_UN: + fl.l_type = F_UNLCK; + break; + + default: + errno = EINVAL; + return -1; + } + + fl.l_whence = SEEK_SET; + rc = fcntl(fd, op & LOCK_NB ? F_SETLK : F_SETLKW, &fl); + + if (rc && (errno == EAGAIN)) + errno = EWOULDBLOCK; +#endif + + return rc; +} +#endif -- cgit v1.2.3 From cd3ab57f9b388f8b1abf601dc4d78ff82d83b75e Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 26 Feb 2018 14:37:06 +1100 Subject: Hook up flock() compat code. Also a couple of minor changes: fail if we can't lock instead of silently succeeding, and apply a couple of minor style fixes. --- configure.ac | 1 + openbsd-compat/Makefile.in | 2 +- openbsd-compat/bsd-flock.c | 11 ++++++++--- openbsd-compat/bsd-misc.h | 8 ++++++++ 4 files changed, 18 insertions(+), 4 deletions(-) (limited to 'openbsd-compat') diff --git a/configure.ac b/configure.ac index a70d40628..35e2e8d1d 100644 --- a/configure.ac +++ b/configure.ac @@ -1723,6 +1723,7 @@ AC_CHECK_FUNCS([ \ explicit_bzero \ fchmod \ fchown \ + flock \ freeaddrinfo \ freezero \ fstatfs \ diff --git a/openbsd-compat/Makefile.in b/openbsd-compat/Makefile.in index 053f2ef2a..71fcdb127 100644 --- a/openbsd-compat/Makefile.in +++ b/openbsd-compat/Makefile.in 
@@ -16,7 +16,7 @@ LDFLAGS=-L. @LDFLAGS@ OPENBSD=base64.o basename.o bcrypt_pbkdf.o bindresvport.o blowfish.o daemon.o dirname.o fmt_scaled.o getcwd.o getgrouplist.o getopt_long.o getrrsetbyname.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o pwcache.o readpassphrase.o reallocarray.o realpath.o recallocarray.o rresvport.o setenv.o setproctitle.o sha1.o sha2.o rmd160.o md5.o sigact.o strcasestr.o strlcat.o strlcpy.o strmode.o strnlen.o strptime.o strsep.o strtonum.o strtoll.o strtoul.o strtoull.o timingsafe_bcmp.o vis.o blowfish.o bcrypt_pbkdf.o explicit_bzero.o freezero.o -COMPAT=arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cygwin_util.o bsd-getpeereid.o getrrsetbyname-ldns.o bsd-err.o bsd-getpagesize.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-poll.o bsd-malloc.o bsd-setres_id.o bsd-signal.o bsd-snprintf.o bsd-statvfs.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xcrypt.o kludge-fd_set.o +COMPAT=arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cygwin_util.o bsd-getpeereid.o getrrsetbyname-ldns.o bsd-err.o bsd-flock.o bsd-getpagesize.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-poll.o bsd-malloc.o bsd-setres_id.o bsd-signal.o bsd-snprintf.o bsd-statvfs.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xcrypt.o kludge-fd_set.o PORTS=port-aix.o port-irix.o port-linux.o port-solaris.o port-net.o port-uw.o diff --git a/openbsd-compat/bsd-flock.c b/openbsd-compat/bsd-flock.c index 4a51ebe13..bf4d8a658 100644 --- a/openbsd-compat/bsd-flock.c +++ b/openbsd-compat/bsd-flock.c @@ -34,13 +34,15 @@ * Otherwise, don't do locking; just pretend success. */ -#include "nbtool_config.h" +#include "includes.h" -#if !HAVE_FLOCK +#ifndef HAVE_FLOCK #include #include -int flock(int fd, int op) { +int +flock(int fd, int op) +{ int rc = 0; #if defined(F_SETLK) && defined(F_SETLKW) @@ -69,6 +71,9 @@ int flock(int fd, int op) { if (rc && (errno == EAGAIN)) errno = EWOULDBLOCK; +#else + rc = -1 + errno = ENOSYS; #endif return rc; 
diff --git a/openbsd-compat/bsd-misc.h b/openbsd-compat/bsd-misc.h index af2ccdae2..2a73ae45b 100644 --- a/openbsd-compat/bsd-misc.h +++ b/openbsd-compat/bsd-misc.h @@ -145,4 +145,12 @@ int raise(int); pid_t getsid(pid_t); #endif +#ifndef HAVE_FLOCK +# define LOCK_SH 0x01 +# define LOCK_EX 0x02 +# define LOCK_NB 0x04 +# define LOCK_UN 0x08 +int flock(int, int); +#endif + #endif /* _BSD_MISC_H */ -- cgit v1.2.3 From 5aea4aa522f61bb2f34c3055a7de203909dfae77 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 26 Feb 2018 14:39:14 +1100 Subject: typo: missing ; --- openbsd-compat/bsd-flock.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'openbsd-compat') diff --git a/openbsd-compat/bsd-flock.c b/openbsd-compat/bsd-flock.c index bf4d8a658..9b15d1eaf 100644 --- a/openbsd-compat/bsd-flock.c +++ b/openbsd-compat/bsd-flock.c @@ -72,7 +72,7 @@ flock(int fd, int op) if (rc && (errno == EAGAIN)) errno = EWOULDBLOCK; #else - rc = -1 + rc = -1; errno = ENOSYS; #endif -- cgit v1.2.3 From f0b245b0439e600fab782d19e97980e9f2c2533c Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 26 Feb 2018 11:43:48 +1100 Subject: Check if HAVE_DECL_BZERO correctly. --- openbsd-compat/bsd-misc.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'openbsd-compat') diff --git a/openbsd-compat/bsd-misc.h b/openbsd-compat/bsd-misc.h index 2a73ae45b..fb81e6c72 100644 --- a/openbsd-compat/bsd-misc.h +++ b/openbsd-compat/bsd-misc.h @@ -133,7 +133,7 @@ void warn(const char *, ...) __attribute__((format(printf, 1, 2))); long long llabs(long long); #endif -#ifndef HAVE_DECL_BZERO +#if defined(HAVE_DECL_BZERO) && HAVE_DECL_BZERO == 0 void bzero(void *, size_t); #endif -- cgit v1.2.3 From e8a17feba95eef424303fb94441008f6c5347aaf Mon Sep 17 00:00:00 2001 
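Review bot: The `LOCK_SH`, `LOCK_EX`, `LOCK_NB` and `LOCK_UN` defines added to bsd-misc.h are guarded only by `HAVE_FLOCK`, so a platform that lacks flock() but already defines these constants in a system header gets macro redefinitions, possibly with different values. Guarding each one, for example `#ifndef LOCK_SH` / `# define LOCK_SH 0x01` / `#endif`, keeps the system's values where they exist. A short comment noting that these values are only interpreted by the fcntl-based emulation in bsd-flock.c would help the next reader.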
From: Darren Tucker Date: Sat, 3 Mar 2018 14:49:07 +1100 Subject: Flatten and alphabetize object file lists. This will make maintenance and changes easier. "no objection" tim@ --- openbsd-compat/Makefile.in | 78 ++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 75 insertions(+), 3 deletions(-) (limited to 'openbsd-compat') diff --git a/openbsd-compat/Makefile.in b/openbsd-compat/Makefile.in index 71fcdb127..93e8da720 100644 --- a/openbsd-compat/Makefile.in +++ b/openbsd-compat/Makefile.in 
@@ -14,11 +14,83 @@ RANLIB=@RANLIB@ INSTALL=@INSTALL@ LDFLAGS=-L. @LDFLAGS@ -OPENBSD=base64.o basename.o bcrypt_pbkdf.o bindresvport.o blowfish.o daemon.o dirname.o fmt_scaled.o getcwd.o getgrouplist.o getopt_long.o getrrsetbyname.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o pwcache.o readpassphrase.o reallocarray.o realpath.o recallocarray.o rresvport.o setenv.o setproctitle.o sha1.o sha2.o rmd160.o md5.o sigact.o strcasestr.o strlcat.o strlcpy.o strmode.o strnlen.o strptime.o strsep.o strtonum.o strtoll.o strtoul.o strtoull.o timingsafe_bcmp.o vis.o blowfish.o bcrypt_pbkdf.o explicit_bzero.o freezero.o +OPENBSD=base64.o \ + basename.o \ + bcrypt_pbkdf.o \ + bcrypt_pbkdf.o \ + bindresvport.o \ + blowfish.o \ + daemon.o \ + dirname.o \ + explicit_bzero.o \ + fmt_scaled.o \ + freezero.o \ + getcwd.o \ + getgrouplist.o \ + getopt_long.o \ + getrrsetbyname.o \ + glob.o \ + inet_aton.o \ + inet_ntoa.o \ + inet_ntop.o \ + md5.o \ + mktemp.o \ + pwcache.o \ + readpassphrase.o \ + reallocarray.o \ + realpath.o \ + recallocarray.o \ + rmd160.o \ + rresvport.o \ + setenv.o \ + setproctitle.o \ + sha1.o \ + sha2.o \ + sigact.o \ + strcasestr.o \ + strlcat.o \ + strlcpy.o \ + strmode.o \ + strnlen.o \ + strptime.o \ + strsep.o \ + strtoll.o \ + strtonum.o \ + strtoull.o \ + strtoul.o \ + timingsafe_bcmp.o \ + vis.o -COMPAT=arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cygwin_util.o bsd-getpeereid.o getrrsetbyname-ldns.o bsd-err.o bsd-flock.o bsd-getpagesize.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-poll.o bsd-malloc.o bsd-setres_id.o bsd-signal.o bsd-snprintf.o bsd-statvfs.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xcrypt.o kludge-fd_set.o +COMPAT= arc4random.o \ + bsd-asprintf.o \ + bsd-closefrom.o \ + bsd-cygwin_util.o \ + bsd-err.o \ + bsd-flock.o \ + bsd-getpagesize.o \ + bsd-getpeereid.o \ + bsd-malloc.o \ + bsd-misc.o \ + bsd-nextstep.o \ + bsd-openpty.o \ + bsd-poll.o \ + bsd-setres_id.o \ + bsd-signal.o \ + bsd-snprintf.o \ + bsd-statvfs.o \ + 
bsd-waitpid.o \ + fake-rfc2553.o \ + getrrsetbyname-ldns.o \ + kludge-fd_set.o \ + openssl-compat.o \ + xcrypt.o -PORTS=port-aix.o port-irix.o port-linux.o port-solaris.o port-net.o port-uw.o +PORTS= port-aix.o \ + port-irix.o \ + port-linux.o \ + port-solaris.o \ + port-net.o \ + port-uw.o .c.o: $(CC) $(CFLAGS) $(CPPFLAGS) -c $< -- cgit v1.2.3 From 33561e68e0b27366cb769295a077aabc6a49d2a1 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sat, 3 Mar 2018 14:56:09 +1100 Subject: Add strndup for platforms that need it. Some platforms don't have strndup, which includes Solaris 10, NetBSD 3 and FreeBSD 6. --- configure.ac | 1 + openbsd-compat/Makefile.in | 1 + openbsd-compat/strndup.c | 43 +++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 45 insertions(+) create mode 100644 openbsd-compat/strndup.c (limited to 'openbsd-compat') diff --git a/configure.ac b/configure.ac index 7e6e1ebda..70e72be77 100644 --- a/configure.ac +++ b/configure.ac @@ -1809,6 +1809,7 @@ AC_CHECK_FUNCS([ \ strlcat \ strlcpy \ strmode \ + strndup \ strnlen \ strnvis \ strptime \ diff --git a/openbsd-compat/Makefile.in b/openbsd-compat/Makefile.in index 93e8da720..8e3b42991 100644 --- a/openbsd-compat/Makefile.in +++ b/openbsd-compat/Makefile.in @@ -51,6 +51,7 @@ OPENBSD=base64.o \ strlcat.o \ strlcpy.o \ strmode.o \ + strndup.o \ strnlen.o \ strptime.o \ strsep.o \ diff --git a/openbsd-compat/strndup.c b/openbsd-compat/strndup.c new file mode 100644 index 000000000..0fcb96f6b --- /dev/null +++ b/openbsd-compat/strndup.c 
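Review bot: `bcrypt_pbkdf.o \` appears on two consecutive lines of the new OPENBSD list. The old one-line list named both bcrypt_pbkdf.o and blowfish.o twice, and the flattening removed only the blowfish.o repeat; drop the second `bcrypt_pbkdf.o \` line as well. Whether a repeated member matters depends on the archive rule, which is outside this hunk. The lists are also not fully alphabetical as the subject says: `strtoull.o \` comes before `strtoul.o \`, and in PORTS `port-solaris.o \` comes before `port-net.o \`.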
@@ -0,0 +1,43 @@ +/* $OpenBSD: strndup.c,v 1.2 2015/08/31 02:53:57 guenther Exp $ */ + +/* + * Copyright (c) 2010 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include "config.h" +#ifndef HAVE_STRNDUP +#include + +#include +#include +#include + +char * +strndup(const char *str, size_t maxlen) +{ + char *copy; + size_t len; + + len = strnlen(str, maxlen); + copy = malloc(len + 1); + if (copy != NULL) { + (void)memcpy(copy, str, len); + copy[len] = '\0'; + } + + return copy; +} +DEF_WEAK(strndup); +#endif /* HAVE_STRNDUP */ -- cgit v1.2.3 From 58fd4c5c0140f6636227ca7acbb149ab0c2509b9 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 5 Mar 2018 19:28:08 +1100 Subject: Check for and work around buggy fflush(NULL). Some really old platforms (eg SunOS4) segfault on fflush(NULL) so check for and work around. With klausz at haus-gisela.de. --- configure.ac | 10 ++++++++++ openbsd-compat/bsd-misc.c | 16 ++++++++++++++++ openbsd-compat/bsd-misc.h | 4 ++++ 3 files changed, 30 insertions(+) (limited to 'openbsd-compat') diff --git a/configure.ac b/configure.ac index 70e72be77..d2fb4469c 100644 --- a/configure.ac +++ b/configure.ac 
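Review bot: The new strndup() calls strnlen(), but the only quoted include in the file is `config.h`, so on a platform that lacks both functions nothing visible here declares the replacement strnlen. The system header names after `#include` are lost on this page, so this is inferred rather than certain. An undeclared strnlen would be assumed to return int, and that value becomes the length used for `malloc(len + 1)` and `memcpy`. Consider adding after the includes `#ifndef HAVE_STRNLEN`, `size_t strnlen(const char *, size_t);`, `#endif`. A one-line comment above the function would also help, saying that the copy is NUL-terminated, that NULL is returned on allocation failure and that the caller frees the result.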
@@ -2059,6 +2059,16 @@ AC_CHECK_FUNCS([realpath], [ ) ]) +AC_MSG_CHECKING([for working fflush(NULL)]) +AC_RUN_IFELSE( + [AC_LANG_PROGRAM([[#include ]], [[fflush(NULL); exit(0);]])], + AC_MSG_RESULT([yes]), + [AC_MSG_RESULT([no]) + AC_DEFINE([FFLUSH_NULL_BUG], [1], + [define if fflush(NULL) does not work])], + AC_MSG_WARN([cross compiling: assuming working]) +) + dnl Checks for time functions AC_CHECK_FUNCS([gettimeofday time]) dnl Checks for utmp functions diff --git a/openbsd-compat/bsd-misc.c b/openbsd-compat/bsd-misc.c index f7187daf8..3daf61071 100644 --- a/openbsd-compat/bsd-misc.c +++ b/openbsd-compat/bsd-misc.c @@ -308,3 +308,19 @@ getsid(pid_t pid) } #endif +#ifdef FFLUSH_NULL_BUG +#undef fflush +int _ssh_compat_fflush(FILE *f) +{ + int r1, r2, r3; + + if (f == NULL) { + r2 = fflush(stdout); + r3 = fflush(stderr); + if (r1 == -1 || r2 == -1 || r3 == -1) + return -1; + return 0; + } + return fflush(f); +} +#endif diff --git a/openbsd-compat/bsd-misc.h b/openbsd-compat/bsd-misc.h index fb81e6c72..52ec52853 100644 --- a/openbsd-compat/bsd-misc.h +++ b/openbsd-compat/bsd-misc.h @@ -153,4 +153,8 @@ pid_t getsid(pid_t); int flock(int, int); #endif +#ifdef FFLUSH_NULL_BUG +# define fflush(x) (_ssh_compat_fflush(x)) +#endif + #endif /* _BSD_MISC_H */ -- cgit v1.2.3 From bba02a5094b3db228ceac41cb4bfca165d0735f3 Mon Sep 17 00:00:00 2001 From: Tim Rice Date: Sun, 25 Mar 2018 09:17:33 -0700 Subject: modified: auth-sia.c modified: openbsd-compat/port-aix.c modified: openbsd-compat/port-uw.c propogate changes to auth-passwd.c in commit 7c856857607112a3dfe6414696bf4c7ab7fb0cb3 to other providers of sys_auth_passwd() --- auth-sia.c | 3 ++- openbsd-compat/port-aix.c | 3 ++- openbsd-compat/port-uw.c | 3 ++- 3 files changed, 6 insertions(+), 3 deletions(-) (limited to 'openbsd-compat') diff --git a/auth-sia.c b/auth-sia.c index a9e1c258c..051d152cf 100644 --- a/auth-sia.c +++ b/auth-sia.c 
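Review bot: In `_ssh_compat_fflush`, `r1` is declared but never assigned before `if (r1 == -1 || r2 == -1 || r3 == -1)` reads it, so the result of the NULL branch depends on an indeterminate value. Only stdout and stderr are flushed, so drop the unused variable: `int r2, r3;` and `if (r2 == -1 || r3 == -1)`. A short comment that the wrapper flushes only stdout and stderr, not every open output stream as fflush(NULL) does, would document the narrower behaviour for callers.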
@@ -50,11 +50,12 @@ extern int saved_argc; extern char **saved_argv; int -sys_auth_passwd(Authctxt *authctxt, const char *pass) +sys_auth_passwd(struct ssh *ssh, const char *pass) { int ret; SIAENTITY *ent = NULL; const char *host; + Authctxt *authctxt = ssh->authctxt; host = get_canonical_hostname(options.use_dns); diff --git a/openbsd-compat/port-aix.c b/openbsd-compat/port-aix.c index c2970c4db..768d44c33 100644 --- a/openbsd-compat/port-aix.c +++ b/openbsd-compat/port-aix.c @@ -171,8 +171,9 @@ aix_valid_authentications(const char *user) * returns 0. */ int -sys_auth_passwd(Authctxt *ctxt, const char *password) +sys_auth_passwd(struct ssh *ssh, const char *password) { + Authctxt *ctxt = ssh->authctxt; char *authmsg = NULL, *msg = NULL, *name = ctxt->pw->pw_name; int authsuccess = 0, expired, reenter, result; diff --git a/openbsd-compat/port-uw.c b/openbsd-compat/port-uw.c index db24dbb94..ba675acd6 100644 --- a/openbsd-compat/port-uw.c +++ b/openbsd-compat/port-uw.c @@ -51,8 +51,9 @@ int nischeck(char *); int -sys_auth_passwd(Authctxt *authctxt, const char *password) +sys_auth_passwd(struct ssh *ssh, const char *password) { + Authctxt *authctxt = ssh->authctxt; struct passwd *pw = authctxt->pw; char *salt; int result; -- cgit v1.2.3 From bc3f80e4d191b8e48650045dfa8a682cd3aabd4d Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 26 Mar 2018 12:58:09 +1100 Subject: Remove UNICOS code missed during removal. Fixes compile error on AIX. --- openbsd-compat/bsd-openpty.c | 14 -------------- 1 file changed, 14 deletions(-) (limited to 'openbsd-compat') diff --git a/openbsd-compat/bsd-openpty.c b/openbsd-compat/bsd-openpty.c index 48fb6059e..e8ad542f8 100644 --- a/openbsd-compat/bsd-openpty.c +++ b/openbsd-compat/bsd-openpty.c 
@@ -147,20 +147,6 @@ openpty(int *amaster, int *aslave, char *name, struct termios *termp, } return (0); - for (i = 0; i < highpty; i++) { - snprintf(ptbuf, sizeof(ptbuf), "/dev/pty/%03d", i); - snprintf(ttbuf, sizeof(ttbuf), "/dev/ttyp%03d", i); - if ((*amaster = open(ptbuf, O_RDWR|O_NOCTTY)) == -1) - continue; - /* Open the slave side. */ - if ((*aslave = open(ttbuf, O_RDWR|O_NOCTTY)) == -1) { - close(*amaster); - return (-1); - } - return (0); - } - return (-1); - #else /* BSD-style pty code. */ char ptbuf[64], ttbuf[64]; -- cgit v1.2.3 From 6b5a17bc14e896e3904dc58d889b58934cfacd24 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 26 Mar 2018 13:12:44 +1100 Subject: Include ssh_api.h for struct ssh. struct ssh is needed by implementations of sys_auth_passwd() that were converted in commit bba02a50. Needed to fix build on AIX, I assume for the other platforms too (although it should be harmless if not needed). --- auth-sia.c | 1 + openbsd-compat/port-aix.c | 1 + openbsd-compat/port-uw.c | 1 + 3 files changed, 3 insertions(+) (limited to 'openbsd-compat') diff --git a/auth-sia.c b/auth-sia.c index 051d152cf..7c97f03e5 100644 --- a/auth-sia.c +++ b/auth-sia.c @@ -36,6 +36,7 @@ #include #include "ssh.h" +#include "ssh_api.h" #include "key.h" #include "hostfile.h" #include "auth.h" diff --git a/openbsd-compat/port-aix.c b/openbsd-compat/port-aix.c index 768d44c33..79c868966 100644 --- a/openbsd-compat/port-aix.c +++ b/openbsd-compat/port-aix.c @@ -32,6 +32,7 @@ #include "hostfile.h" #include "auth.h" #include "ssh.h" +#include "ssh_api.h" #include "log.h" #ifdef _AIX diff --git a/openbsd-compat/port-uw.c b/openbsd-compat/port-uw.c index ba675acd6..014cac264 100644 --- a/openbsd-compat/port-uw.c +++ b/openbsd-compat/port-uw.c @@ -47,6 +47,7 @@ #include "hostfile.h" #include "auth.h" #include "ssh.h" +#include "ssh_api.h" int nischeck(char *); -- cgit v1.2.3 From 2c71ca1dd1efe458cb7dee3f8a1a566f913182c2 Mon Sep 17 00:00:00 2001 
From: Darren Tucker Date: Fri, 30 Mar 2018 18:23:07 +1100 Subject: Disable native strndup and strnlen on AIX. On at least some revisions of AIX, strndup returns unterminated strings under some conditions, apparently because strnlen returns incorrect values in those cases. Disable both on AIX and use the replacements from openbsd-compat. Fixes problem with ECDSA keys there, ok djm. --- configure.ac | 2 ++ openbsd-compat/strndup.c | 2 +- openbsd-compat/strnlen.c | 2 +- 3 files changed, 4 insertions(+), 2 deletions(-) (limited to 'openbsd-compat') diff --git a/configure.ac b/configure.ac index bedacc2db..663062bef 100644 --- a/configure.ac +++ b/configure.ac @@ -603,6 +603,8 @@ case "$host" in [AIX 5.2 and 5.3 (and presumably newer) require this]) AC_DEFINE([PTY_ZEROREAD], [1], [read(1) can return 0 for a non-closed fd]) AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)]) + AC_DEFINE([BROKEN_STRNDUP], 1, [strndup broken, see APAR IY61211]) + AC_DEFINE([BROKEN_STRNLEN], 1, [strnlen broken, see APAR IY62551]) ;; *-*-android*) AC_DEFINE([DISABLE_UTMP], [1], [Define if you don't want to use utmp]) diff --git a/openbsd-compat/strndup.c b/openbsd-compat/strndup.c index 0fcb96f6b..ebb4eccfb 100644 --- a/openbsd-compat/strndup.c +++ b/openbsd-compat/strndup.c @@ -17,7 +17,7 @@ */ #include "config.h" -#ifndef HAVE_STRNDUP +#if !defined(HAVE_STRNDUP) || defined(BROKEN_STRNDUP) #include #include diff --git a/openbsd-compat/strnlen.c b/openbsd-compat/strnlen.c index 93d515595..8cc6b96b5 100644 --- a/openbsd-compat/strnlen.c +++ b/openbsd-compat/strnlen.c @@ -19,7 +19,7 @@ /* OPENBSD ORIGINAL: lib/libc/string/strnlen.c */ #include "config.h" -#ifndef HAVE_STRNLEN +#if !defined(HAVE_STRNLEN) || defined(BROKEN_STRNLEN) #include #include -- cgit v1.2.3
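Review bot: Once the guard in strndup.c becomes `#if !defined(HAVE_STRNDUP) || defined(BROKEN_STRNDUP)`, the closing `#endif /* HAVE_STRNDUP */` that came with the file no longer names the condition it closes. That line lies outside this hunk. Updating it to `#endif /* !HAVE_STRNDUP || BROKEN_STRNDUP */` keeps the two ends of the block in step. The strnlen.c hunk makes the same guard change and its closing `#endif` is not visible here, so it may need the same touch-up.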