From 9715d4ad4b53877ec23dc8681dd7a405de9419a6 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Tue, 2 Aug 2016 09:02:42 +1000 Subject: Repair $OpenBSD marker. --- openbsd-compat/sha2.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'openbsd-compat') diff --git a/openbsd-compat/sha2.h b/openbsd-compat/sha2.h index c8bfc3cd1..c6e6c97a5 100644 --- a/openbsd-compat/sha2.h +++ b/openbsd-compat/sha2.h @@ -1,4 +1,4 @@ -/* OpenBSD: sha2.h,v 1.6 2004/06/22 01:57:30 jfb Exp */ +/* $OpenBSD: sha2.h,v 1.6 2004/06/22 01:57:30 jfb Exp */ /* * FILE: sha2.h -- cgit v1.2.3 From 30f9bd1c0963c23bfba8468dfd26aa17609ba42f Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Tue, 2 Aug 2016 09:06:27 +1000 Subject: Repair $OpenBSD markers. --- openbsd-compat/getcwd.c | 2 +- openbsd-compat/getgrouplist.c | 2 +- openbsd-compat/sha2.c | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) (limited to 'openbsd-compat') diff --git a/openbsd-compat/getcwd.c b/openbsd-compat/getcwd.c index 3edbb9cba..e4f7f5a3d 100644 --- a/openbsd-compat/getcwd.c +++ b/openbsd-compat/getcwd.c @@ -1,4 +1,4 @@ -/* from OpenBSD: getcwd.c,v 1.14 2005/08/08 08:05:34 espie Exp */ +/* $OpenBSD: getcwd.c,v 1.14 2005/08/08 08:05:34 espie Exp */ /* * Copyright (c) 1989, 1991, 1993 * The Regents of the University of California. All rights reserved. diff --git a/openbsd-compat/getgrouplist.c b/openbsd-compat/getgrouplist.c index 3afcb9281..3906cd629 100644 --- a/openbsd-compat/getgrouplist.c +++ b/openbsd-compat/getgrouplist.c @@ -1,4 +1,4 @@ -/* from OpenBSD: getgrouplist.c,v 1.12 2005/08/08 08:05:34 espie Exp */ +/* $OpenBSD: getgrouplist.c,v 1.12 2005/08/08 08:05:34 espie Exp */ /* * Copyright (c) 1991, 1993 * The Regents of the University of California. All rights reserved. diff --git a/openbsd-compat/sha2.c b/openbsd-compat/sha2.c index 737935d46..a22099bbe 100644 --- a/openbsd-compat/sha2.c +++ b/openbsd-compat/sha2.c 
@@ -1,4 +1,4 @@ -/* from OpenBSD: sha2.c,v 1.11 2005/08/08 08:05:35 espie Exp */ +/* $OpenBSD: sha2.c,v 1.11 2005/08/08 08:05:35 espie Exp */ /* * FILE: sha2.c -- cgit v1.2.3 From c20dccb5614c5714f4155dda01bcdebf97cfae7e Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Tue, 2 Aug 2016 09:44:25 +1000 Subject: Strip trailing whitespace. Mechanically strip trailing whitespace on files not synced with OpenBSD (or in the case of bsd-snprint.c, rsync). --- openbsd-compat/Makefile.in | 2 +- openbsd-compat/base64.h | 2 +- openbsd-compat/bsd-asprintf.c | 2 +- openbsd-compat/bsd-cray.c | 22 +++++++++++----------- openbsd-compat/bsd-cray.h | 2 +- openbsd-compat/bsd-cygwin_util.c | 4 ++-- openbsd-compat/bsd-misc.c | 12 ++++++------ openbsd-compat/bsd-misc.h | 2 +- openbsd-compat/bsd-nextstep.c | 2 +- openbsd-compat/bsd-openpty.c | 4 ++-- openbsd-compat/bsd-waitpid.c | 6 +++--- openbsd-compat/fake-rfc2553.c | 36 ++++++++++++++++++------------------ openbsd-compat/fake-rfc2553.h | 10 +++++----- openbsd-compat/openbsd-compat.h | 14 +++++++------- openbsd-compat/openssl-compat.c | 2 +- openbsd-compat/port-aix.c | 6 +++--- openbsd-compat/port-tun.c | 2 +- openbsd-compat/setproctitle.c | 10 +++++----- openbsd-compat/xcrypt.c | 4 ++-- openbsd-compat/xmmap.c | 2 +- 20 files changed, 73 insertions(+), 73 deletions(-) (limited to 'openbsd-compat') diff --git a/openbsd-compat/Makefile.in b/openbsd-compat/Makefile.in index aca9eba75..7f7368aa3 100644 --- a/openbsd-compat/Makefile.in +++ b/openbsd-compat/Makefile.in @@ -36,7 +36,7 @@ libopenbsd-compat.a: $(COMPAT) $(OPENBSD) $(PORTS) $(RANLIB) $@ clean: - rm -f *.o *.a core + rm -f *.o *.a core distclean: clean rm -f Makefile *~ diff --git a/openbsd-compat/base64.h b/openbsd-compat/base64.h index 732c6b3f8..0774ce2aa 100644 --- a/openbsd-compat/base64.h +++ b/openbsd-compat/base64.h 
@@ -49,7 +49,7 @@ #ifndef HAVE___B64_NTOP # ifndef HAVE_B64_NTOP -int b64_ntop(u_char const *src, size_t srclength, char *target, +int b64_ntop(u_char const *src, size_t srclength, char *target, size_t targsize); # endif /* !HAVE_B64_NTOP */ # define __b64_ntop(a,b,c,d) b64_ntop(a,b,c,d) diff --git a/openbsd-compat/bsd-asprintf.c b/openbsd-compat/bsd-asprintf.c index 7b83448ca..822367154 100644 --- a/openbsd-compat/bsd-asprintf.c +++ b/openbsd-compat/bsd-asprintf.c @@ -78,7 +78,7 @@ int asprintf(char **str, const char *fmt, ...) { va_list ap; int ret; - + *str = NULL; va_start(ap, fmt); ret = vasprintf(str, fmt, ap); diff --git a/openbsd-compat/bsd-cray.c b/openbsd-compat/bsd-cray.c index f1bbd7dec..1528ab6e1 100644 --- a/openbsd-compat/bsd-cray.c +++ b/openbsd-compat/bsd-cray.c @@ -1,10 +1,10 @@ -/* +/* * $Id: bsd-cray.c,v 1.17 2007/08/15 09:17:43 dtucker Exp $ * * bsd-cray.c * * Copyright (c) 2002, Cray Inc. (Wendy Palm ) - * Significant portions provided by + * Significant portions provided by * Wayne Schroeder, SDSC * William Jones, UTexas * @@ -268,7 +268,7 @@ cray_setup (uid_t uid, char *username, const char *command) usent.uname = username; usent.host = hostname; usent.ttyn = ttyn; - usent.caller = IA_SSHD; + usent.caller = IA_SSHD; usent.pswdlist = &pwdacm; usent.ueptr = &ue; usent.flags = IA_INTERACTIVE | IA_FFLAG; @@ -352,7 +352,7 @@ cray_setup (uid_t uid, char *username, const char *command) /* * These are failed return codes from ia_user() */ - switch (ia_rcode) + switch (ia_rcode) { case IA_BADAUTH: printf("Bad authorization, access denied.\n"); @@ -407,7 +407,7 @@ cray_setup (uid_t uid, char *username, const char *command) */ ia_failure(&fsent, &fret); - exit(1); + exit(1); } ia_mlsrcode = IA_NORMAL; @@ -441,7 +441,7 @@ cray_setup (uid_t uid, char *username, const char *command) * There is no return because ia_failure exits. */ ia_failure(&fsent,&fret); - exit(1); + exit(1); } /* Provide login status information */ 
@@ -526,7 +526,7 @@ cray_setup (uid_t uid, char *username, const char *command) break; default: valid_acct = nam2acid(acct_name); - if (valid_acct == -1) + if (valid_acct == -1) printf( "Account id not found for" " account name \"%s\"\n\n", @@ -576,9 +576,9 @@ cray_setup (uid_t uid, char *username, const char *command) exit(1); } - /* - * Now set shares, quotas, limits, including CPU time for the - * (interactive) job and process, and set up permissions + /* + * Now set shares, quotas, limits, including CPU time for the + * (interactive) job and process, and set up permissions * (for chown etc), etc. */ if (setshares(ue.ue_uid, valid_acct, printf, 0, 0)) { @@ -656,7 +656,7 @@ drop_cray_privs() usrv.sv_minlvl = sysv.sy_minlvl; usrv.sv_actlvl = sysv.sy_minlvl; usrv.sv_maxlvl = sysv.sy_maxlvl; - } + } usrv.sv_actcmp = 0; usrv.sv_valcmp = sysv.sy_valcmp; diff --git a/openbsd-compat/bsd-cray.h b/openbsd-compat/bsd-cray.h index 774eceb5a..bc2e22134 100644 --- a/openbsd-compat/bsd-cray.h +++ b/openbsd-compat/bsd-cray.h @@ -2,7 +2,7 @@ /* * Copyright (c) 2002, Cray Inc. (Wendy Palm ) - * Significant portions provided by + * Significant portions provided by * Wayne Schroeder, SDSC * William Jones, UTexas * diff --git a/openbsd-compat/bsd-cygwin_util.c b/openbsd-compat/bsd-cygwin_util.c index 8672ccf7f..398a5f617 100644 --- a/openbsd-compat/bsd-cygwin_util.c +++ b/openbsd-compat/bsd-cygwin_util.c @@ -39,12 +39,12 @@ #include "xmalloc.h" -int +int binary_open(const char *filename, int flags, ...) { va_list ap; mode_t mode; - + va_start(ap, flags); mode = va_arg(ap, mode_t); va_end(ap); diff --git a/openbsd-compat/bsd-misc.c b/openbsd-compat/bsd-misc.c index 18bf62dd8..f11731630 100644 --- a/openbsd-compat/bsd-misc.c +++ b/openbsd-compat/bsd-misc.c 
@@ -70,7 +70,7 @@ int setlogin(const char *name) #endif /* !HAVE_SETLOGIN */ #ifndef HAVE_INNETGR -int innetgr(const char *netgroup, const char *host, +int innetgr(const char *netgroup, const char *host, const char *user, const char *domain) { return (0); @@ -96,7 +96,7 @@ const char *strerror(int e) { extern int sys_nerr; extern char *sys_errlist[]; - + if ((e >= 0) && (e < sys_nerr)) return (sys_errlist[e]); @@ -111,10 +111,10 @@ int utimes(char *filename, struct timeval *tvp) ub.actime = tvp[0].tv_sec; ub.modtime = tvp[1].tv_sec; - + return (utime(filename, &ub)); } -#endif +#endif #ifndef HAVE_TRUNCATE int truncate(const char *path, off_t length) @@ -149,9 +149,9 @@ int nanosleep(const struct timespec *req, struct timespec *rem) saverrno = errno; (void) gettimeofday (&tstop, NULL); errno = saverrno; - tremain.tv_sec = time2wait.tv_sec - + tremain.tv_sec = time2wait.tv_sec - (tstop.tv_sec - tstart.tv_sec); - tremain.tv_usec = time2wait.tv_usec - + tremain.tv_usec = time2wait.tv_usec - (tstop.tv_usec - tstart.tv_usec); tremain.tv_sec += tremain.tv_usec / 1000000L; tremain.tv_usec %= 1000000L; diff --git a/openbsd-compat/bsd-misc.h b/openbsd-compat/bsd-misc.h index 27abb2e92..6084de8d6 100644 --- a/openbsd-compat/bsd-misc.h +++ b/openbsd-compat/bsd-misc.h @@ -49,7 +49,7 @@ int setegid(uid_t); #if !defined(HAVE_STRERROR) && defined(HAVE_SYS_ERRLIST) && defined(HAVE_SYS_NERR) const char *strerror(int); -#endif +#endif #if !defined(HAVE_SETLINEBUF) #define setlinebuf(a) (setvbuf((a), NULL, _IOLBF, 0)) diff --git a/openbsd-compat/bsd-nextstep.c b/openbsd-compat/bsd-nextstep.c index 8195af88a..d52443f6d 100644 --- a/openbsd-compat/bsd-nextstep.c +++ b/openbsd-compat/bsd-nextstep.c @@ -29,7 +29,7 @@ #include #include "bsd-nextstep.h" -pid_t +pid_t posix_wait(int *status) { union wait statusp; diff --git a/openbsd-compat/bsd-openpty.c b/openbsd-compat/bsd-openpty.c index 9777eb556..b28235860 100644 --- a/openbsd-compat/bsd-openpty.c +++ b/openbsd-compat/bsd-openpty.c 
@@ -122,7 +122,7 @@ openpty(int *amaster, int *aslave, char *name, struct termios *termp, } /* - * Try to push the appropriate streams modules, as described + * Try to push the appropriate streams modules, as described * in Solaris pts(7). */ ioctl(*aslave, I_PUSH, "ptem"); @@ -184,7 +184,7 @@ openpty(int *amaster, int *aslave, char *name, struct termios *termp, struct termios tio; for (i = 0; i < num_ptys; i++) { - snprintf(ptbuf, sizeof(ptbuf), "/dev/pty%c%c", + snprintf(ptbuf, sizeof(ptbuf), "/dev/pty%c%c", ptymajors[i / num_minors], ptyminors[i % num_minors]); snprintf(ttbuf, sizeof(ttbuf), "/dev/tty%c%c", ptymajors[i / num_minors], ptyminors[i % num_minors]); diff --git a/openbsd-compat/bsd-waitpid.c b/openbsd-compat/bsd-waitpid.c index 40e6ffaa8..c21fbe911 100644 --- a/openbsd-compat/bsd-waitpid.c +++ b/openbsd-compat/bsd-waitpid.c @@ -24,7 +24,7 @@ #include "includes.h" -#ifndef HAVE_WAITPID +#ifndef HAVE_WAITPID #include #include #include "bsd-waitpid.h" @@ -45,9 +45,9 @@ waitpid(int pid, int *stat_loc, int options) } wait_pid = wait4(pid, &statusp, options, NULL); if (stat_loc) - *stat_loc = (int) statusp.w_status; + *stat_loc = (int) statusp.w_status; - return (wait_pid); + return (wait_pid); } #endif /* !HAVE_WAITPID */ diff --git a/openbsd-compat/fake-rfc2553.c b/openbsd-compat/fake-rfc2553.c index 096d9e092..55c95625e 100644 --- a/openbsd-compat/fake-rfc2553.c +++ b/openbsd-compat/fake-rfc2553.c @@ -1,7 +1,7 @@ /* * Copyright (C) 2000-2003 Damien Miller. All rights reserved. * Copyright (C) 1999 WIDE Project. All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: 
@@ -13,7 +13,7 @@ * 3. Neither the name of the project nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -44,7 +44,7 @@ #include #ifndef HAVE_GETNAMEINFO -int getnameinfo(const struct sockaddr *sa, size_t salen, char *host, +int getnameinfo(const struct sockaddr *sa, size_t salen, char *host, size_t hostlen, char *serv, size_t servlen, int flags) { struct sockaddr_in *sin = (struct sockaddr_in *)sa; @@ -67,11 +67,11 @@ int getnameinfo(const struct sockaddr *sa, size_t salen, char *host, else return (0); } else { - hp = gethostbyaddr((char *)&sin->sin_addr, + hp = gethostbyaddr((char *)&sin->sin_addr, sizeof(struct in_addr), AF_INET); if (hp == NULL) return (EAI_NODATA); - + if (strlcpy(host, hp->h_name, hostlen) >= hostlen) return (EAI_MEMORY); else @@ -102,7 +102,7 @@ gai_strerror(int err) default: return ("unknown/invalid error."); } -} +} #endif /* !HAVE_GAI_STRERROR */ #ifndef HAVE_FREEADDRINFO @@ -128,9 +128,9 @@ addrinfo *malloc_ai(int port, u_long addr, const struct addrinfo *hints) ai = malloc(sizeof(*ai) + sizeof(struct sockaddr_in)); if (ai == NULL) return (NULL); - + memset(ai, '\0', sizeof(*ai) + sizeof(struct sockaddr_in)); - + ai->ai_addr = (struct sockaddr *)(ai + 1); /* XXX -- ssh doesn't use sa_len */ ai->ai_addrlen = sizeof(struct sockaddr_in); @@ -138,7 +138,7 @@ addrinfo *malloc_ai(int port, u_long addr, const struct addrinfo *hints) ((struct sockaddr_in *)(ai)->ai_addr)->sin_port = port; ((struct sockaddr_in *)(ai)->ai_addr)->sin_addr.s_addr = addr; - + /* XXX: the following is not generally correct, but does what we want */ if (hints->ai_socktype) ai->ai_socktype = hints->ai_socktype; 
@@ -152,7 +152,7 @@ addrinfo *malloc_ai(int port, u_long addr, const struct addrinfo *hints) } int -getaddrinfo(const char *hostname, const char *servname, +getaddrinfo(const char *hostname, const char *servname, const struct addrinfo *hints, struct addrinfo **res) { struct hostent *hp; @@ -183,29 +183,29 @@ getaddrinfo(const char *hostname, const char *servname, if (hostname && inet_aton(hostname, &in) != 0) addr = in.s_addr; *res = malloc_ai(port, addr, hints); - if (*res == NULL) + if (*res == NULL) return (EAI_MEMORY); return (0); } - + if (!hostname) { *res = malloc_ai(port, htonl(0x7f000001), hints); - if (*res == NULL) + if (*res == NULL) return (EAI_MEMORY); return (0); } - + if (inet_aton(hostname, &in)) { *res = malloc_ai(port, in.s_addr, hints); - if (*res == NULL) + if (*res == NULL) return (EAI_MEMORY); return (0); } - + /* Don't try DNS if AI_NUMERICHOST is set */ if (hints && hints->ai_flags & AI_NUMERICHOST) return (EAI_NONAME); - + hp = gethostbyname(hostname); if (hp && hp->h_name && hp->h_name[0] && hp->h_addr_list[0]) { struct addrinfo *cur, *prev; @@ -229,7 +229,7 @@ getaddrinfo(const char *hostname, const char *servname, } return (0); } - + return (EAI_NODATA); } #endif /* !HAVE_GETADDRINFO */ diff --git a/openbsd-compat/fake-rfc2553.h b/openbsd-compat/fake-rfc2553.h index 6426f7bf6..bd520d4b1 100644 --- a/openbsd-compat/fake-rfc2553.h +++ b/openbsd-compat/fake-rfc2553.h @@ -3,7 +3,7 @@ /* * Copyright (C) 2000-2003 Damien Miller. All rights reserved. * Copyright (C) 1999 WIDE Project. All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: 
@@ -15,7 +15,7 @@ * 3. Neither the name of the project nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -47,7 +47,7 @@ #endif /* - * First, socket and INET6 related definitions + * First, socket and INET6 related definitions */ #ifndef HAVE_STRUCT_SOCKADDR_STORAGE # define _SS_MAXSIZE 128 /* Implementation specific max size */ @@ -154,7 +154,7 @@ struct addrinfo { # undef getaddrinfo #endif #define getaddrinfo(a,b,c,d) (ssh_getaddrinfo(a,b,c,d)) -int getaddrinfo(const char *, const char *, +int getaddrinfo(const char *, const char *, const struct addrinfo *, struct addrinfo **); #endif /* !HAVE_GETADDRINFO */ @@ -170,7 +170,7 @@ void freeaddrinfo(struct addrinfo *); #ifndef HAVE_GETNAMEINFO #define getnameinfo(a,b,c,d,e,f,g) (ssh_getnameinfo(a,b,c,d,e,f,g)) -int getnameinfo(const struct sockaddr *, size_t, char *, size_t, +int getnameinfo(const struct sockaddr *, size_t, char *, size_t, char *, size_t, int); #endif /* !HAVE_GETNAMEINFO */ diff --git a/openbsd-compat/openbsd-compat.h b/openbsd-compat/openbsd-compat.h index 37d2064cd..4e7629a91 100644 --- a/openbsd-compat/openbsd-compat.h +++ b/openbsd-compat/openbsd-compat.h @@ -64,7 +64,7 @@ void closefrom(int); #ifndef HAVE_GETCWD char *getcwd(char *pt, size_t size); -#endif +#endif #ifndef HAVE_REALLOCARRAY void *reallocarray(void *, size_t, size_t); @@ -94,7 +94,7 @@ size_t strlcpy(char *dst, const char *src, size_t siz); #ifndef HAVE_STRLCAT /* #include XXX Still needed? */ size_t strlcat(char *dst, const char *src, size_t siz); -#endif +#endif #ifndef HAVE_SETENV int setenv(register const char *name, register const char *value, int rewrite); 
@@ -113,11 +113,11 @@ char *strptime(const char *buf, const char *fmt, struct tm *tm); int mkstemps(char *path, int slen); int mkstemp(char *path); char *mkdtemp(char *path); -#endif +#endif #ifndef HAVE_DAEMON int daemon(int nochdir, int noclose); -#endif +#endif #ifndef HAVE_DIRNAME char *dirname(const char *path); @@ -142,7 +142,7 @@ const char *inet_ntop(int af, const void *src, char *dst, socklen_t size); #ifndef HAVE_INET_ATON int inet_aton(const char *cp, struct in_addr *addr); -#endif +#endif #ifndef HAVE_STRSEP char *strsep(char **stringp, const char *delim); @@ -199,7 +199,7 @@ u_int32_t arc4random_uniform(u_int32_t); #ifndef HAVE_ASPRINTF int asprintf(char **, const char *, ...); -#endif +#endif #ifndef HAVE_OPENPTY # include /* for struct winsize */ @@ -210,7 +210,7 @@ int openpty(int *, int *, char *, struct termios *, struct winsize *); #ifndef HAVE_SNPRINTF int snprintf(char *, size_t, SNPRINTF_CONST char *, ...); -#endif +#endif #ifndef HAVE_STRTOLL long long strtoll(const char *, char **, int); diff --git a/openbsd-compat/openssl-compat.c b/openbsd-compat/openssl-compat.c index 63a660c7a..8c6b116f9 100644 --- a/openbsd-compat/openssl-compat.c +++ b/openbsd-compat/openssl-compat.c @@ -55,7 +55,7 @@ ssh_compatible_openssl(long headerver, long libver) mask = 0xfffff00fL; /* major,minor,fix,status */ return (headerver & mask) == (libver & mask); } - + /* * For versions >= 1.0.0, major,minor,status must match and library * fix version must be equal to or newer than the header. diff --git a/openbsd-compat/port-aix.c b/openbsd-compat/port-aix.c index 8da367d48..c2970c4db 100644 --- a/openbsd-compat/port-aix.c +++ b/openbsd-compat/port-aix.c 
@@ -179,7 +179,7 @@ sys_auth_passwd(Authctxt *ctxt, const char *password) do { result = authenticate((char *)name, (char *)password, &reenter, &authmsg); - aix_remove_embedded_newlines(authmsg); + aix_remove_embedded_newlines(authmsg); debug3("AIX/authenticate result %d, authmsg %.100s", result, authmsg); } while (reenter); @@ -337,11 +337,11 @@ aix_setauthdb(const char *user) debug3("%s: Could not open userdb to read", __func__); return; } - + if (getuserattr((char *)user, S_REGISTRY, ®istry, SEC_CHAR) == 0) { if (setauthdb(registry, old_registry) == 0) debug3("AIX/setauthdb set registry '%s'", registry); - else + else debug3("AIX/setauthdb set registry '%s' failed: %s", registry, strerror(errno)); } else diff --git a/openbsd-compat/port-tun.c b/openbsd-compat/port-tun.c index 49e7b4d99..a444adf1d 100644 --- a/openbsd-compat/port-tun.c +++ b/openbsd-compat/port-tun.c @@ -68,7 +68,7 @@ sys_tun_open(int tun, int mode) return (-1); } - bzero(&ifr, sizeof(ifr)); + bzero(&ifr, sizeof(ifr)); if (mode == SSH_TUNMODE_ETHERNET) { ifr.ifr_flags = IFF_TAP; diff --git a/openbsd-compat/setproctitle.c b/openbsd-compat/setproctitle.c index 9f7ca14c2..2b15c6e00 100644 --- a/openbsd-compat/setproctitle.c +++ b/openbsd-compat/setproctitle.c @@ -76,7 +76,7 @@ compat_init_setproctitle(int argc, char *argv[]) /* * NB: This assumes that argv has already been copied out of the - * way. This is true for sshd, but may not be true for other + * way. This is true for sshd, but may not be true for other * programs. Beware. */ @@ -92,7 +92,7 @@ compat_init_setproctitle(int argc, char *argv[]) } /* - * Find the last argv string or environment variable within + * Find the last argv string or environment variable within * our process memory area. */ for (i = 0; i < argc; i++) { 
@@ -108,8 +108,8 @@ compat_init_setproctitle(int argc, char *argv[]) argv_start = argv[0]; argv_env_len = lastargv - argv[0] - 1; - /* - * Copy environment + /* + * Copy environment * XXX - will truncate env on strdup fail */ for (i = 0; envp[i] != NULL; i++) @@ -156,7 +156,7 @@ setproctitle(const char *fmt, ...) pst.pst_command = ptitle; pstat(PSTAT_SETCMD, pst, strlen(ptitle), 0, 0); #elif SPT_TYPE == SPT_REUSEARGV -/* debug("setproctitle: copy \"%s\" into len %d", +/* debug("setproctitle: copy \"%s\" into len %d", buf, argv_env_len); */ len = strlcpy(argv_start, ptitle, argv_env_len); for(; len < argv_env_len; len++) diff --git a/openbsd-compat/xcrypt.c b/openbsd-compat/xcrypt.c index cf6a9b99f..532154f7f 100644 --- a/openbsd-compat/xcrypt.c +++ b/openbsd-compat/xcrypt.c @@ -42,7 +42,7 @@ # include # include # include -# endif +# endif # if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) # include @@ -121,7 +121,7 @@ xcrypt(const char *password, const char *salt) crypted = bigcrypt(password, salt); # else crypted = crypt(password, salt); -# endif +# endif return crypted; } diff --git a/openbsd-compat/xmmap.c b/openbsd-compat/xmmap.c index 04c6babc2..fee676e4e 100644 --- a/openbsd-compat/xmmap.c +++ b/openbsd-compat/xmmap.c @@ -1,7 +1,7 @@ /* * Copyright (c) 2002 Tim Rice. All rights reserved. * MAP_FAILED code by Solar Designer. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: -- cgit v1.2.3 From dd1031b78b83083615b68d7163c44f4408635be2 Mon Sep 17 00:00:00 2001 
From: Darren Tucker Date: Tue, 2 Aug 2016 10:01:52 +1000 Subject: Replace spaces with tabs. Mechanically replace spaces with tabs in compat files not synced with OpenBSD. --- openbsd-compat/bsd-misc.c | 2 +- openbsd-compat/bsd-waitpid.c | 6 +++--- openbsd-compat/fake-rfc2553.c | 2 +- openbsd-compat/port-irix.c | 48 +++++++++++++++++++++---------------------- openbsd-compat/xcrypt.c | 18 ++++++++-------- 5 files changed, 38 insertions(+), 38 deletions(-) (limited to 'openbsd-compat') diff --git a/openbsd-compat/bsd-misc.c b/openbsd-compat/bsd-misc.c index f11731630..6f3bc8f1d 100644 --- a/openbsd-compat/bsd-misc.c +++ b/openbsd-compat/bsd-misc.c @@ -71,7 +71,7 @@ int setlogin(const char *name) #ifndef HAVE_INNETGR int innetgr(const char *netgroup, const char *host, - const char *user, const char *domain) + const char *user, const char *domain) { return (0); } diff --git a/openbsd-compat/bsd-waitpid.c b/openbsd-compat/bsd-waitpid.c index c21fbe911..113fb1ea9 100644 --- a/openbsd-compat/bsd-waitpid.c +++ b/openbsd-compat/bsd-waitpid.c @@ -43,11 +43,11 @@ waitpid(int pid, int *stat_loc, int options) /* wait4() wants pid=0 for indiscriminate wait. */ pid = 0; } - wait_pid = wait4(pid, &statusp, options, NULL); + wait_pid = wait4(pid, &statusp, options, NULL); if (stat_loc) - *stat_loc = (int) statusp.w_status; + *stat_loc = (int) statusp.w_status; - return (wait_pid); + return (wait_pid); } #endif /* !HAVE_WAITPID */ diff --git a/openbsd-compat/fake-rfc2553.c b/openbsd-compat/fake-rfc2553.c index 55c95625e..d5a62975a 100644 --- a/openbsd-compat/fake-rfc2553.c +++ b/openbsd-compat/fake-rfc2553.c @@ -45,7 +45,7 @@ #ifndef HAVE_GETNAMEINFO int getnameinfo(const struct sockaddr *sa, size_t salen, char *host, - size_t hostlen, char *serv, size_t servlen, int flags) + size_t hostlen, char *serv, size_t servlen, int flags) { struct sockaddr_in *sin = (struct sockaddr_in *)sa; struct hostent *hp; 
diff --git a/openbsd-compat/port-irix.c b/openbsd-compat/port-irix.c
index ba751a538..525b02909 100644
--- a/openbsd-compat/port-irix.c
+++ b/openbsd-compat/port-irix.c
@@ -47,42 +47,42 @@ void irix_setusercontext(struct passwd *pw) { #ifdef WITH_IRIX_PROJECT - prid_t projid; + prid_t projid; #endif #ifdef WITH_IRIX_JOBS - jid_t jid = 0; + jid_t jid = 0; #elif defined(WITH_IRIX_ARRAY) - int jid = 0; + int jid = 0; #endif #ifdef WITH_IRIX_JOBS - jid = jlimit_startjob(pw->pw_name, pw->pw_uid, "interactive"); - if (jid == -1) - fatal("Failed to create job container: %.100s", - strerror(errno)); + jid = jlimit_startjob(pw->pw_name, pw->pw_uid, "interactive"); + if (jid == -1) + fatal("Failed to create job container: %.100s", + strerror(errno)); #endif /* WITH_IRIX_JOBS */ #ifdef WITH_IRIX_ARRAY - /* initialize array session */ - if (jid == 0 && newarraysess() != 0) - fatal("Failed to set up new array session: %.100s", - strerror(errno)); + /* initialize array session */ + if (jid == 0 && newarraysess() != 0) + fatal("Failed to set up new array session: %.100s", + strerror(errno)); #endif /* WITH_IRIX_ARRAY */ #ifdef WITH_IRIX_PROJECT - /* initialize irix project info */ - if ((projid = getdfltprojuser(pw->pw_name)) == -1) { - debug("Failed to get project id, using projid 0"); - projid = 0; - } - if (setprid(projid)) - fatal("Failed to initialize project %d for %s: %.100s", - (int)projid, pw->pw_name, strerror(errno)); + /* initialize irix project info */ + if ((projid = getdfltprojuser(pw->pw_name)) == -1) { + debug("Failed to get project id, using projid 0"); + projid = 0; + } + if (setprid(projid)) + fatal("Failed to initialize project %d for %s: %.100s", + (int)projid, pw->pw_name, strerror(errno)); #endif /* WITH_IRIX_PROJECT */ #ifdef WITH_IRIX_AUDIT - if (sysconf(_SC_AUDIT)) { - debug("Setting sat id to %d", (int) pw->pw_uid); - if (satsetid(pw->pw_uid)) - debug("error setting satid: %.100s", strerror(errno)); - } + if (sysconf(_SC_AUDIT)) { + debug("Setting sat id to %d", (int) pw->pw_uid); + if (satsetid(pw->pw_uid)) + debug("error setting satid: %.100s", strerror(errno)); + } #endif /* WITH_IRIX_AUDIT */ } 
diff --git a/openbsd-compat/xcrypt.c b/openbsd-compat/xcrypt.c index 532154f7f..c9c6283cc 100644 --- a/openbsd-compat/xcrypt.c +++ b/openbsd-compat/xcrypt.c @@ -108,19 +108,19 @@ xcrypt(const char *password, const char *salt) salt = pick_salt(); # ifdef HAVE_MD5_PASSWORDS - if (is_md5_salt(salt)) - crypted = md5_crypt(password, salt); - else - crypted = crypt(password, salt); + if (is_md5_salt(salt)) + crypted = md5_crypt(password, salt); + else + crypted = crypt(password, salt); # elif defined(__hpux) && !defined(HAVE_SECUREWARE) if (iscomsec()) - crypted = bigcrypt(password, salt); - else - crypted = crypt(password, salt); + crypted = bigcrypt(password, salt); + else + crypted = crypt(password, salt); # elif defined(HAVE_SECUREWARE) - crypted = bigcrypt(password, salt); + crypted = bigcrypt(password, salt); # else - crypted = crypt(password, salt); + crypted = crypt(password, salt); # endif return crypted; -- cgit v1.2.3 From 74433a19bb6f4cef607680fa4d1d7d81ca3826aa Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 16 Aug 2016 13:28:23 +1000 Subject: fix false positives when compiled with msan Our explicit_bzero successfully confused clang -fsanitize-memory in to thinking that memset is never called to initialise memory. Ensure that it is called in a way that the compiler recognises. --- openbsd-compat/explicit_bzero.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) (limited to 'openbsd-compat') diff --git a/openbsd-compat/explicit_bzero.c b/openbsd-compat/explicit_bzero.c index 3c85a4843..5078134d1 100644 --- a/openbsd-compat/explicit_bzero.c +++ b/openbsd-compat/explicit_bzero.c @@ -7,6 +7,8 @@ #include "includes.h" +#include + /* * explicit_bzero - don't let the compiler optimize away bzero */ 
@@ -32,6 +34,17 @@ static void (* volatile ssh_bzero)(void *, size_t) = bzero; void explicit_bzero(void *p, size_t n) { + /* + * clang -fsanitize=memory needs to intercept memset-like functions + * to correctly detect memory initialisation. Make sure one is called + * directly since our indirection trick above sucessfully confuses it. + */ +#if defined(__has_feature) +# if __has_feature(memory_sanitizer) + memset(p, 0, n); +# endif +#endif + ssh_bzero(p, n); } -- cgit v1.2.3 From 1e8013a17ff11e3c6bd0012fb1fc8d5f1330eb21 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Wed, 17 Aug 2016 14:08:42 +1000 Subject: Remove obsolete CVS $Id from source files. Since -portable switched to git the CVS $Id tags are no longer being updated and are becoming increasingly misleading. Remove them. --- audit-bsm.c | 2 -- audit-linux.c | 2 -- audit.c | 2 -- audit.h | 2 -- auth-pam.h | 2 -- defines.h | 3 --- entropy.h | 2 -- md5crypt.h | 2 -- openbsd-compat/base64.h | 2 -- openbsd-compat/bsd-cray.c | 1 - openbsd-compat/bsd-cray.h | 2 -- openbsd-compat/bsd-cygwin_util.h | 2 -- openbsd-compat/bsd-misc.h | 2 -- openbsd-compat/bsd-nextstep.h | 2 -- openbsd-compat/bsd-poll.c | 2 -- openbsd-compat/bsd-setres_id.c | 2 -- openbsd-compat/bsd-setres_id.h | 2 -- openbsd-compat/bsd-statvfs.c | 2 -- openbsd-compat/bsd-statvfs.h | 2 -- openbsd-compat/bsd-waitpid.h | 2 -- openbsd-compat/fake-rfc2553.h | 2 -- openbsd-compat/openbsd-compat.h | 2 -- openbsd-compat/openssl-compat.c | 2 -- openbsd-compat/openssl-compat.h | 2 -- openbsd-compat/port-aix.h | 2 -- openbsd-compat/port-irix.h | 2 -- openbsd-compat/port-linux.c | 2 -- openbsd-compat/port-linux.h | 2 -- openbsd-compat/port-solaris.c | 2 -- openbsd-compat/port-solaris.h | 2 -- openbsd-compat/xmmap.c | 2 -- platform.c | 2 -- platform.h | 2 -- 33 files changed, 66 deletions(-) (limited to 'openbsd-compat') diff --git a/audit-bsm.c b/audit-bsm.c index 613559140..f8e0bea89 100644 --- a/audit-bsm.c +++ b/audit-bsm.c 
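Review bot: The new comment in explicit_bzero() says why memset is called under MemorySanitizer but not that this call is for the sanitizer only, so a later reader could mistake the `ssh_bzero(p, n);` that follows for the redundant one. The wipe still depends on the call through the volatile function pointer, which the compiler cannot elide, whereas a plain memset on its own can be dropped as a dead store. I would extend the comment with `* The memset is only for MSan's benefit; ssh_bzero() below is what guarantees the wipe.` and correct the spelling `sucessfully` to `successfully`. The `#include` added by the first hunk of this file shows no header name here, presumably lost in rendering; memset needs `<string.h>`.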
@@ -1,5 +1,3 @@ -/* $Id: audit-bsm.c,v 1.8 2012/02/23 23:40:43 dtucker Exp $ */ - /* * TODO * diff --git a/audit-linux.c b/audit-linux.c index d3524f7e1..136ed76bb 100644 --- a/audit-linux.c +++ b/audit-linux.c @@ -1,5 +1,3 @@ -/* $Id: audit-linux.c,v 1.1 2011/01/17 10:15:30 dtucker Exp $ */ - /* * Copyright 2010 Red Hat, Inc. All rights reserved. * Use is subject to license terms. diff --git a/audit.c b/audit.c index ced57fa64..7645c1439 100644 --- a/audit.c +++ b/audit.c @@ -1,5 +1,3 @@ -/* $Id: audit.c,v 1.6 2011/01/17 10:15:30 dtucker Exp $ */ - /* * Copyright (c) 2004, 2005 Darren Tucker. All rights reserved. * diff --git a/audit.h b/audit.h index 92ede5bc4..0b593666d 100644 --- a/audit.h +++ b/audit.h @@ -1,5 +1,3 @@ -/* $Id: audit.h,v 1.4 2011/01/17 10:15:30 dtucker Exp $ */ - /* * Copyright (c) 2004, 2005 Darren Tucker. All rights reserved. * diff --git a/auth-pam.h b/auth-pam.h index 58a257a48..f9a3fbf43 100644 --- a/auth-pam.h +++ b/auth-pam.h @@ -1,5 +1,3 @@ -/* $Id: auth-pam.h,v 1.27 2004/09/11 12:17:26 dtucker Exp $ */ - /* * Copyright (c) 2000 Damien Miller. All rights reserved. * diff --git a/defines.h b/defines.h index 1b71d3e01..68466a340 100644 --- a/defines.h +++ b/defines.h @@ -25,9 +25,6 @@ #ifndef _DEFINES_H #define _DEFINES_H -/* $Id: defines.h,v 1.183 2014/09/02 19:33:26 djm Exp $ */ - - /* Constants */ #if defined(HAVE_DECL_SHUT_RD) && HAVE_DECL_SHUT_RD == 0 diff --git a/entropy.h b/entropy.h index c3d78dbad..9d5285b29 100644 --- a/entropy.h +++ b/entropy.h @@ -22,8 +22,6 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -/* $Id: entropy.h,v 1.6 2011/09/09 01:29:41 dtucker Exp $ */ - #ifndef _RANDOMS_H #define _RANDOMS_H diff --git a/md5crypt.h b/md5crypt.h index 2341e2c12..978e579c8 100644 --- a/md5crypt.h +++ b/md5crypt.h 
@@ -7,8 +7,6 @@ * ---------------------------------------------------------------------------- */ -/* $Id: md5crypt.h,v 1.4 2003/05/18 14:46:46 djm Exp $ */ - #ifndef _MD5CRYPT_H #define _MD5CRYPT_H diff --git a/openbsd-compat/base64.h b/openbsd-compat/base64.h index 0774ce2aa..bd772931b 100644 --- a/openbsd-compat/base64.h +++ b/openbsd-compat/base64.h @@ -1,5 +1,3 @@ -/* $Id: base64.h,v 1.6 2003/08/29 16:59:52 mouring Exp $ */ - /* * Copyright (c) 1996 by Internet Software Consortium. * diff --git a/openbsd-compat/bsd-cray.c b/openbsd-compat/bsd-cray.c index 1528ab6e1..c02e63261 100644 --- a/openbsd-compat/bsd-cray.c +++ b/openbsd-compat/bsd-cray.c @@ -1,5 +1,4 @@ /* - * $Id: bsd-cray.c,v 1.17 2007/08/15 09:17:43 dtucker Exp $ * * bsd-cray.c * diff --git a/openbsd-compat/bsd-cray.h b/openbsd-compat/bsd-cray.h index bc2e22134..ca626a021 100644 --- a/openbsd-compat/bsd-cray.h +++ b/openbsd-compat/bsd-cray.h @@ -1,5 +1,3 @@ -/* $Id: bsd-cray.h,v 1.12 2005/02/02 06:10:11 dtucker Exp $ */ - /* * Copyright (c) 2002, Cray Inc. (Wendy Palm ) * Significant portions provided by diff --git a/openbsd-compat/bsd-cygwin_util.h b/openbsd-compat/bsd-cygwin_util.h index 79cb2a197..9cef694b9 100644 --- a/openbsd-compat/bsd-cygwin_util.h +++ b/openbsd-compat/bsd-cygwin_util.h @@ -1,5 +1,3 @@ -/* $Id: bsd-cygwin_util.h,v 1.18 2014/05/27 04:34:43 djm Exp $ */ - /* * Copyright (c) 2000, 2001, 2011, 2013 Corinna Vinschen * diff --git a/openbsd-compat/bsd-misc.h b/openbsd-compat/bsd-misc.h index 6084de8d6..6f08b09fa 100644 --- a/openbsd-compat/bsd-misc.h +++ b/openbsd-compat/bsd-misc.h @@ -1,5 +1,3 @@ -/* $Id: bsd-misc.h,v 1.25 2013/08/04 11:48:41 dtucker Exp $ */ - /* * Copyright (c) 1999-2004 Damien Miller * diff --git a/openbsd-compat/bsd-nextstep.h b/openbsd-compat/bsd-nextstep.h index ca5b4b54a..610f9e381 100644 --- a/openbsd-compat/bsd-nextstep.h +++ b/openbsd-compat/bsd-nextstep.h 
@@ -1,5 +1,3 @@ -/* $Id: bsd-nextstep.h,v 1.9 2003/08/29 16:59:52 mouring Exp $ */ - /* * Copyright (c) 2000,2001 Ben Lindstrom. All rights reserved. * diff --git a/openbsd-compat/bsd-poll.c b/openbsd-compat/bsd-poll.c index 73a852480..c8e6222c0 100644 --- a/openbsd-compat/bsd-poll.c +++ b/openbsd-compat/bsd-poll.c @@ -1,5 +1,3 @@ -/* $Id: bsd-poll.c,v 1.6 2014/02/05 23:44:13 dtucker Exp $ */ - /* * Copyright (c) 2004, 2005, 2007 Darren Tucker (dtucker at zip com au). * diff --git a/openbsd-compat/bsd-setres_id.c b/openbsd-compat/bsd-setres_id.c index 018bde8c7..696ae7b28 100644 --- a/openbsd-compat/bsd-setres_id.c +++ b/openbsd-compat/bsd-setres_id.c @@ -1,5 +1,3 @@ -/* $Id: bsd-setres_id.c,v 1.2 2013/12/07 21:23:09 djm Exp $ */ - /* * Copyright (c) 2012 Darren Tucker (dtucker at zip com au). * diff --git a/openbsd-compat/bsd-setres_id.h b/openbsd-compat/bsd-setres_id.h index 6c269e0b9..0350a596e 100644 --- a/openbsd-compat/bsd-setres_id.h +++ b/openbsd-compat/bsd-setres_id.h @@ -1,5 +1,3 @@ -/* $Id: bsd-setres_id.h,v 1.1 2012/11/05 06:04:37 dtucker Exp $ */ - /* * Copyright (c) 2012 Darren Tucker (dtucker at zip com au). * diff --git a/openbsd-compat/bsd-statvfs.c b/openbsd-compat/bsd-statvfs.c index 2b1da80ec..458dbe89c 100644 --- a/openbsd-compat/bsd-statvfs.c +++ b/openbsd-compat/bsd-statvfs.c @@ -1,5 +1,3 @@ -/* $Id: bsd-statvfs.c,v 1.2 2014/01/17 07:10:59 dtucker Exp $ */ - /* * Copyright (c) 2008,2014 Darren Tucker * diff --git a/openbsd-compat/bsd-statvfs.h b/openbsd-compat/bsd-statvfs.h index dfd609974..815ec03b2 100644 --- a/openbsd-compat/bsd-statvfs.h +++ b/openbsd-compat/bsd-statvfs.h @@ -1,5 +1,3 @@ -/* $Id: bsd-statvfs.h,v 1.3 2014/01/17 07:48:22 dtucker Exp $ */ - /* * Copyright (c) 2008,2014 Darren Tucker * diff --git a/openbsd-compat/bsd-waitpid.h b/openbsd-compat/bsd-waitpid.h index 2d853db61..5ce3ee4b5 100644 --- a/openbsd-compat/bsd-waitpid.h +++ b/openbsd-compat/bsd-waitpid.h 
@@ -1,5 +1,3 @@ -/* $Id: bsd-waitpid.h,v 1.5 2003/08/29 16:59:52 mouring Exp $ */ - /* * Copyright (c) 2000 Ben Lindstrom. All rights reserved. * diff --git a/openbsd-compat/fake-rfc2553.h b/openbsd-compat/fake-rfc2553.h index bd520d4b1..f913617fe 100644 --- a/openbsd-compat/fake-rfc2553.h +++ b/openbsd-compat/fake-rfc2553.h @@ -1,5 +1,3 @@ -/* $Id: fake-rfc2553.h,v 1.16 2008/07/14 11:37:37 djm Exp $ */ - /* * Copyright (C) 2000-2003 Damien Miller. All rights reserved. * Copyright (C) 1999 WIDE Project. All rights reserved. diff --git a/openbsd-compat/openbsd-compat.h b/openbsd-compat/openbsd-compat.h index 4e7629a91..0de07e9c3 100644 --- a/openbsd-compat/openbsd-compat.h +++ b/openbsd-compat/openbsd-compat.h @@ -1,5 +1,3 @@ -/* $Id: openbsd-compat.h,v 1.62 2014/09/30 23:43:08 djm Exp $ */ - /* * Copyright (c) 1999-2003 Damien Miller. All rights reserved. * Copyright (c) 2003 Ben Lindstrom. All rights reserved. diff --git a/openbsd-compat/openssl-compat.c b/openbsd-compat/openssl-compat.c index 8c6b116f9..259fccbec 100644 --- a/openbsd-compat/openssl-compat.c +++ b/openbsd-compat/openssl-compat.c @@ -1,5 +1,3 @@ -/* $Id: openssl-compat.c,v 1.19 2014/07/02 05:28:07 djm Exp $ */ - /* * Copyright (c) 2005 Darren Tucker * diff --git a/openbsd-compat/openssl-compat.h b/openbsd-compat/openssl-compat.h index 8917551d3..3513d6011 100644 --- a/openbsd-compat/openssl-compat.h +++ b/openbsd-compat/openssl-compat.h @@ -1,5 +1,3 @@ -/* $Id: openssl-compat.h,v 1.31 2014/08/29 18:18:29 djm Exp $ */ - /* * Copyright (c) 2005 Darren Tucker * diff --git a/openbsd-compat/port-aix.h b/openbsd-compat/port-aix.h index 53e4e88a0..9c0a4dd3e 100644 --- a/openbsd-compat/port-aix.h +++ b/openbsd-compat/port-aix.h @@ -1,5 +1,3 @@ -/* $Id: port-aix.h,v 1.32 2009/12/20 23:49:22 dtucker Exp $ */ - /* * * Copyright (c) 2001 Gert Doering. All rights reserved. diff --git a/openbsd-compat/port-irix.h b/openbsd-compat/port-irix.h index 67c486307..bc8cc44ac 100644 --- a/openbsd-compat/port-irix.h 
+++ b/openbsd-compat/port-irix.h @@ -1,5 +1,3 @@ -/* $Id: port-irix.h,v 1.4 2003/08/29 16:59:52 mouring Exp $ */ - /* * Copyright (c) 2000 Denis Parker. All rights reserved. * Copyright (c) 2000 Michael Stone. All rights reserved. diff --git a/openbsd-compat/port-linux.c b/openbsd-compat/port-linux.c index f36999d7a..e4c5d1b7c 100644 --- a/openbsd-compat/port-linux.c +++ b/openbsd-compat/port-linux.c @@ -1,5 +1,3 @@ -/* $Id: port-linux.c,v 1.18 2013/06/01 22:07:32 dtucker Exp $ */ - /* * Copyright (c) 2005 Daniel Walsh * Copyright (c) 2006 Damien Miller diff --git a/openbsd-compat/port-linux.h b/openbsd-compat/port-linux.h index e3d1004aa..3c22a854d 100644 --- a/openbsd-compat/port-linux.h +++ b/openbsd-compat/port-linux.h @@ -1,5 +1,3 @@ -/* $Id: port-linux.h,v 1.5 2011/01/25 01:16:18 djm Exp $ */ - /* * Copyright (c) 2006 Damien Miller * diff --git a/openbsd-compat/port-solaris.c b/openbsd-compat/port-solaris.c index e36e412d7..bb8fccb41 100644 --- a/openbsd-compat/port-solaris.c +++ b/openbsd-compat/port-solaris.c @@ -1,5 +1,3 @@ -/* $Id: port-solaris.c,v 1.4 2010/11/05 01:03:05 dtucker Exp $ */ - /* * Copyright (c) 2006 Chad Mynhier. * diff --git a/openbsd-compat/port-solaris.h b/openbsd-compat/port-solaris.h index a7cb5eb30..dde1a5b8b 100644 --- a/openbsd-compat/port-solaris.h +++ b/openbsd-compat/port-solaris.h @@ -1,5 +1,3 @@ -/* $Id: port-solaris.h,v 1.2 2010/11/05 01:03:05 dtucker Exp $ */ - /* * Copyright (c) 2006 Chad Mynhier. * diff --git a/openbsd-compat/xmmap.c b/openbsd-compat/xmmap.c index fee676e4e..262a79095 100644 --- a/openbsd-compat/xmmap.c +++ b/openbsd-compat/xmmap.c @@ -23,8 +23,6 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -/* $Id: xmmap.c,v 1.15 2009/02/16 04:21:40 djm Exp $ */ - #include "includes.h" #include diff --git a/platform.c b/platform.c index acf8554cd..973a63e40 100644 --- a/platform.c +++ b/platform.c 
@@ -1,5 +1,3 @@ -/* $Id: platform.c,v 1.22 2014/07/18 04:11:26 djm Exp $ */ - /* * Copyright (c) 2006 Darren Tucker. All rights reserved. * diff --git a/platform.h b/platform.h index e97ecd909..ea4f9c584 100644 --- a/platform.h +++ b/platform.h @@ -1,5 +1,3 @@ -/* $Id: platform.h,v 1.9 2013/09/22 09:02:40 dtucker Exp $ */ - /* * Copyright (c) 2006 Darren Tucker. All rights reserved. * -- cgit v1.2.3 From 1cfd5c06efb121e58e8b6671548fda77ef4b4455 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Thu, 29 Sep 2016 03:19:23 +1000 Subject: Remove portability support for mmap We no longer need to wrap/replace mmap for portability now that pre-auth compression has been removed from OpenSSH. --- README.privsep | 7 ---- TODO | 4 -- configure.ac | 2 - openbsd-compat/Makefile.in | 2 +- openbsd-compat/openbsd-compat.h | 1 - openbsd-compat/xmmap.c | 86 ----------------------------------------- 6 files changed, 1 insertion(+), 101 deletions(-) delete mode 100644 openbsd-compat/xmmap.c (limited to 'openbsd-compat') diff --git a/README.privsep b/README.privsep index d910650c5..2120544c7 100644 --- a/README.privsep +++ b/README.privsep @@ -8,10 +8,6 @@ More information is available at: Privilege separation is now enabled by default; see the UsePrivilegeSeparation option in sshd_config(5). -On systems which lack mmap or anonymous (MAP_ANON) memory mapping, -compression must be disabled in order for privilege separation to -function. - When privsep is enabled, during the pre-authentication phase sshd will chroot(2) to "/var/empty" and change its privileges to the "sshd" user and its primary group. sshd is a pseudo-account that should not be 
@@ -35,9 +31,6 @@ privsep user and chroot directory: --with-privsep-path=xxx Path for privilege separation chroot --with-privsep-user=user Specify non-privileged user for privilege separation -Privsep requires operating system support for file descriptor passing. -Compression will be disabled on systems without a working mmap MAP_ANON. - PAM-enabled OpenSSH is known to function with privsep on AIX, FreeBSD, HP-UX (including Trusted Mode), Linux, NetBSD and Solaris. diff --git a/TODO b/TODO index 645787a6c..f22c7e224 100644 --- a/TODO +++ b/TODO @@ -69,10 +69,6 @@ Packaging: (gilbert.r.loomis@saic.com) PrivSep Issues: -- mmap() issues. - + /dev/zero solution (Solaris) - + No/broken MAP_ANON (Irix) - + broken /dev/zero parse (Linux) - PAM + See above PAM notes - AIX diff --git a/configure.ac b/configure.ac index f6b56db17..f5e137812 100644 --- a/configure.ac +++ b/configure.ac @@ -1137,7 +1137,6 @@ mips-sony-bsd|mips-sony-newsos4) *-*-ultrix*) AC_DEFINE([BROKEN_GETGROUPS], [1], [getgroups(0,NULL) will return -1]) - AC_DEFINE([BROKEN_MMAP], [1], [Ultrix mmap can't map files]) AC_DEFINE([NEED_SETPGRP]) AC_DEFINE([HAVE_SYS_SYSLOG_H], [1], [Force use of sys/syslog.h on Ultrix]) ;; @@ -1708,7 +1707,6 @@ AC_CHECK_FUNCS([ \ memmove \ memset_s \ mkdtemp \ - mmap \ ngetaddrinfo \ nsleep \ ogetaddrinfo \ diff --git a/openbsd-compat/Makefile.in b/openbsd-compat/Makefile.in index 7f7368aa3..eedbd9eec 100644 --- a/openbsd-compat/Makefile.in +++ b/openbsd-compat/Makefile.in 
@@ -18,7 +18,7 @@ LDFLAGS=-L. @LDFLAGS@ OPENBSD=base64.o basename.o bcrypt_pbkdf.o bindresvport.o blowfish.o daemon.o dirname.o fmt_scaled.o getcwd.o getgrouplist.o getopt_long.o getrrsetbyname.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o pwcache.o readpassphrase.o reallocarray.o realpath.o rresvport.o setenv.o setproctitle.o sha1.o sha2.o rmd160.o md5.o sigact.o strlcat.o strlcpy.o strmode.o strnlen.o strptime.o strsep.o strtonum.o strtoll.o strtoul.o strtoull.o timingsafe_bcmp.o vis.o blowfish.o bcrypt_pbkdf.o explicit_bzero.o -COMPAT=arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o getrrsetbyname-ldns.o bsd-err.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-poll.o bsd-setres_id.o bsd-snprintf.o bsd-statvfs.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o kludge-fd_set.o +COMPAT=arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o getrrsetbyname-ldns.o bsd-err.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-poll.o bsd-setres_id.o bsd-snprintf.o bsd-statvfs.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xcrypt.o kludge-fd_set.o PORTS=port-aix.o port-irix.o port-linux.o port-solaris.o port-tun.o port-uw.o diff --git a/openbsd-compat/openbsd-compat.h b/openbsd-compat/openbsd-compat.h index 0de07e9c3..2e56203e1 100644 --- a/openbsd-compat/openbsd-compat.h +++ b/openbsd-compat/openbsd-compat.h @@ -297,7 +297,6 @@ int bcrypt_pbkdf(const char *, size_t, const u_int8_t *, size_t, void explicit_bzero(void *p, size_t n); #endif -void *xmmap(size_t size); char *xcrypt(const char *password, const char *salt); char *shadow_pw(struct passwd *pw); diff --git a/openbsd-compat/xmmap.c b/openbsd-compat/xmmap.c deleted file mode 100644 index 262a79095..000000000 --- a/openbsd-compat/xmmap.c +++ /dev/null 
@@ -1,86 +0,0 @@ -/* - * Copyright (c) 2002 Tim Rice. All rights reserved. - * MAP_FAILED code by Solar Designer. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ - -#include "includes.h" - -#include -#ifdef HAVE_SYS_MMAN_H -#include -#endif -#include - -#ifdef HAVE_FCNTL_H -# include -#endif -#include -#include -#include -#include -#include - -#include "log.h" - -void * -xmmap(size_t size) -{ -#ifdef HAVE_MMAP - void *address; - -# ifdef MAP_ANON - address = mmap(NULL, size, PROT_WRITE|PROT_READ, MAP_ANON|MAP_SHARED, - -1, (off_t)0); -# else - address = mmap(NULL, size, PROT_WRITE|PROT_READ, MAP_SHARED, - open("/dev/zero", O_RDWR), (off_t)0); -# endif - -#define MM_SWAP_TEMPLATE "/var/run/sshd.mm.XXXXXXXX" - if (address == (void *)MAP_FAILED) { - char tmpname[sizeof(MM_SWAP_TEMPLATE)] = MM_SWAP_TEMPLATE; - int tmpfd; - mode_t old_umask; - - old_umask = umask(0177); - tmpfd = mkstemp(tmpname); - umask(old_umask); - if (tmpfd == -1) - fatal("mkstemp(\"%s\"): %s", - MM_SWAP_TEMPLATE, strerror(errno)); - unlink(tmpname); - if (ftruncate(tmpfd, size) != 0) - fatal("%s: ftruncate: %s", __func__, strerror(errno)); - address = mmap(NULL, size, PROT_WRITE|PROT_READ, MAP_SHARED, - tmpfd, (off_t)0); - close(tmpfd); - } - - return (address); -#else - fatal("%s: UsePrivilegeSeparation=yes and Compression=yes not supported", - __func__); -#endif /* HAVE_MMAP */ - -} - -- cgit v1.2.3 From 7508d83eff89af069760b4cc587305588a64e415 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Thu, 13 Oct 2016 03:53:51 +1100 Subject: If we don't have TCSASOFT, define it to zero. This makes it a no-op when we use it below, which allows us to re-sync those lines with the upstream and make future updates easier. --- openbsd-compat/readpassphrase.c | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) (limited to 'openbsd-compat') diff --git a/openbsd-compat/readpassphrase.c b/openbsd-compat/readpassphrase.c index d63cdf2f0..81c4c2fa1 100644 --- a/openbsd-compat/readpassphrase.c +++ b/openbsd-compat/readpassphrase.c 
@@ -35,10 +35,9 @@ #include #include -#ifdef TCSASOFT -# define _T_FLUSH (TCSAFLUSH|TCSASOFT) -#else -# define _T_FLUSH (TCSAFLUSH) +#ifndef TCSASOFT +/* If we don't have TCSASOFT define it so that ORing it it below is a no-op. */ +# define TCSASOFT 0 #endif /* SunOS 4.x which lacks _POSIX_VDISABLE, but has VDISABLE */ @@ -121,7 +120,7 @@ restart: if (term.c_cc[VSTATUS] != _POSIX_VDISABLE) term.c_cc[VSTATUS] = _POSIX_VDISABLE; #endif - (void)tcsetattr(input, _T_FLUSH, &term); + (void)tcsetattr(input, TCSAFLUSH|TCSASOFT, &term); } else { memset(&term, 0, sizeof(term)); term.c_lflag |= ECHO; @@ -156,7 +155,7 @@ restart: /* Restore old terminal settings and signals. */ if (memcmp(&term, &oterm, sizeof(term)) != 0) { - while (tcsetattr(input, _T_FLUSH, &oterm) == -1 && + while (tcsetattr(input, TCSAFLUSH|TCSASOFT, &oterm) == -1 && errno == EINTR) continue; } -- cgit v1.2.3 From 12069e56221de207ed666c2449dedb431a2a7ca2 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Thu, 13 Oct 2016 04:04:44 +1100 Subject: Import rev 1.23 from OpenBSD. Fixes bz#2619. revision 1.23 date: 2010/05/14 13:30:34; author: millert; state: Exp; lines: +41 -39; Defer installing signal handlers until echo is disabled so that we get suspended normally when not the foreground process. Fix potential infinite loop when restoring terminal settings if process is in the background when restore occurs. OK miod@ --- openbsd-compat/readpassphrase.c | 84 +++++++++++++++++++++-------------------- 1 file changed, 43 insertions(+), 41 deletions(-) (limited to 'openbsd-compat') diff --git a/openbsd-compat/readpassphrase.c b/openbsd-compat/readpassphrase.c index 81c4c2fa1..82a0b7239 100644 --- a/openbsd-compat/readpassphrase.c +++ b/openbsd-compat/readpassphrase.c 
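Review bot: The result of `(void)tcsetattr(input, TCSAFLUSH|TCSASOFT, &term);` in the second hunk is still discarded. If this is the call that switches echo off (the flag handling sits outside the hunk), a failure means the passphrase is read with echo enabled and the caller is never told. Since the line is only being re-synced with upstream, changing the behaviour here may not be wanted, but the case deserves a comment such as `/* Result ignored: on failure the passphrase is read with echo still enabled. */`. The function body starts and ends outside these hunks.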
@@ -1,7 +1,8 @@ -/* $OpenBSD: readpassphrase.c,v 1.22 2010/01/13 10:20:54 dtucker Exp $ */ +/* $OpenBSD: readpassphrase.c,v 1.23 2010/05/14 13:30:34 millert Exp $ */ /* - * Copyright (c) 2000-2002, 2007 Todd C. Miller + * Copyright (c) 2000-2002, 2007, 2010 + * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -94,24 +95,10 @@ restart: } /* - * Catch signals that would otherwise cause the user to end - * up with echo turned off in the shell. Don't worry about - * things like SIGXCPU and SIGVTALRM for now. + * Turn off echo if possible. + * If we are using a tty but are not the foreground pgrp this will + * generate SIGTTOU, so do it *before* installing the signal handlers. */ - sigemptyset(&sa.sa_mask); - sa.sa_flags = 0; /* don't restart system calls */ - sa.sa_handler = handler; - (void)sigaction(SIGALRM, &sa, &savealrm); - (void)sigaction(SIGHUP, &sa, &savehup); - (void)sigaction(SIGINT, &sa, &saveint); - (void)sigaction(SIGPIPE, &sa, &savepipe); - (void)sigaction(SIGQUIT, &sa, &savequit); - (void)sigaction(SIGTERM, &sa, &saveterm); - (void)sigaction(SIGTSTP, &sa, &savetstp); - (void)sigaction(SIGTTIN, &sa, &savettin); - (void)sigaction(SIGTTOU, &sa, &savettou); - - /* Turn off echo if possible. */ if (input != STDIN_FILENO && tcgetattr(input, &oterm) == 0) { memcpy(&term, &oterm, sizeof(term)); if (!(flags & RPP_ECHO_ON)) 
@@ -128,35 +115,50 @@ restart: oterm.c_lflag |= ECHO; } - /* No I/O if we are already backgrounded. */ - if (signo[SIGTTOU] != 1 && signo[SIGTTIN] != 1) { - if (!(flags & RPP_STDIN)) - (void)write(output, prompt, strlen(prompt)); - end = buf + bufsiz - 1; - p = buf; - while ((nr = read(input, &ch, 1)) == 1 && ch != '\n' && ch != '\r') { - if (p < end) { - if ((flags & RPP_SEVENBIT)) - ch &= 0x7f; - if (isalpha(ch)) { - if ((flags & RPP_FORCELOWER)) - ch = (char)tolower(ch); - if ((flags & RPP_FORCEUPPER)) - ch = (char)toupper(ch); - } - *p++ = ch; + /* + * Catch signals that would otherwise cause the user to end + * up with echo turned off in the shell. Don't worry about + * things like SIGXCPU and SIGVTALRM for now. + */ + sigemptyset(&sa.sa_mask); + sa.sa_flags = 0; /* don't restart system calls */ + sa.sa_handler = handler; + (void)sigaction(SIGALRM, &sa, &savealrm); + (void)sigaction(SIGHUP, &sa, &savehup); + (void)sigaction(SIGINT, &sa, &saveint); + (void)sigaction(SIGPIPE, &sa, &savepipe); + (void)sigaction(SIGQUIT, &sa, &savequit); + (void)sigaction(SIGTERM, &sa, &saveterm); + (void)sigaction(SIGTSTP, &sa, &savetstp); + (void)sigaction(SIGTTIN, &sa, &savettin); + (void)sigaction(SIGTTOU, &sa, &savettou); + + if (!(flags & RPP_STDIN)) + (void)write(output, prompt, strlen(prompt)); + end = buf + bufsiz - 1; + p = buf; + while ((nr = read(input, &ch, 1)) == 1 && ch != '\n' && ch != '\r') { + if (p < end) { + if ((flags & RPP_SEVENBIT)) + ch &= 0x7f; + if (isalpha(ch)) { + if ((flags & RPP_FORCELOWER)) + ch = (char)tolower(ch); + if ((flags & RPP_FORCEUPPER)) + ch = (char)toupper(ch); } + *p++ = ch; } - *p = '\0'; - save_errno = errno; - if (!(term.c_lflag & ECHO)) - (void)write(output, "\n", 1); } + *p = '\0'; + save_errno = errno; + if (!(term.c_lflag & ECHO)) + (void)write(output, "\n", 1); /* Restore old terminal settings and signals. 
*/ if (memcmp(&term, &oterm, sizeof(term)) != 0) { while (tcsetattr(input, TCSAFLUSH|TCSASOFT, &oterm) == -1 && - errno == EINTR) + errno == EINTR && !signo[SIGTTOU]) continue; } (void)sigaction(SIGALRM, &savealrm, NULL); -- cgit v1.2.3 From 29d40319392e6e19deeca9d45468aa1119846e50 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Thu, 13 Oct 2016 04:07:20 +1100 Subject: Import rev 1.24 from OpenBSD. revision 1.24 date: 2013/11/24 23:51:29; author: deraadt; state: Exp; lines: +4 -4; most obvious unsigned char casts for ctype ok jca krw ingo --- openbsd-compat/readpassphrase.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'openbsd-compat') diff --git a/openbsd-compat/readpassphrase.c b/openbsd-compat/readpassphrase.c index 82a0b7239..c99b4e20c 100644 --- a/openbsd-compat/readpassphrase.c +++ b/openbsd-compat/readpassphrase.c @@ -1,4 +1,4 @@ -/* $OpenBSD: readpassphrase.c,v 1.23 2010/05/14 13:30:34 millert Exp $ */ +/* $OpenBSD: readpassphrase.c,v 1.24 2013/11/24 23:51:29 deraadt Exp $ */ /* * Copyright (c) 2000-2002, 2007, 2010 @@ -141,11 +141,11 @@ restart: if (p < end) { if ((flags & RPP_SEVENBIT)) ch &= 0x7f; - if (isalpha(ch)) { + if (isalpha((unsigned char)ch)) { if ((flags & RPP_FORCELOWER)) - ch = (char)tolower(ch); + ch = (char)tolower((unsigned char)ch); if ((flags & RPP_FORCEUPPER)) - ch = (char)toupper(ch); + ch = (char)toupper((unsigned char)ch); } *p++ = ch; } -- cgit v1.2.3 From 032147b69527e5448a511049b2d43dbcae582624 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sat, 15 Oct 2016 05:51:12 +1100 Subject: Move DEF_WEAK into defines.h. As well pull in more recent changes from OpenBSD these will start to arrive so put it where the definition is shared. --- defines.h | 7 +++++++ openbsd-compat/vis.c | 6 ------ 2 files changed, 7 insertions(+), 6 deletions(-) (limited to 'openbsd-compat') diff --git a/defines.h b/defines.h index 68466a340..c89f85a8d 100644 --- a/defines.h +++ b/defines.h 
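Review bot: In the read loop re-indented by the last hunk, characters that arrive once `p` has reached `end` are read and dropped, so a passphrase longer than `bufsiz - 1` bytes is silently truncated and the caller gets no indication. The behaviour is unchanged by the move, but nothing in the visible code documents it. A comment above the loop such as `/* Input past bufsiz - 1 bytes is consumed and discarded; the result is truncated without error. */` would make the contract explicit for callers that compare the result or derive keys from it. The function starts and ends outside the hunk.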
@@ -832,6 +832,13 @@ struct winsize { # define SSH_IOBUFSZ 8192 #endif +/* + * We want functions in openbsd-compat, if enabled, to override system ones. + * We no-op out the weak symbol definition rather than remove it to reduce + * future sync problems. + */ +#define DEF_WEAK(x) + /* * Platforms that have arc4random_uniform() and not arc4random_stir() * shouldn't need the latter. diff --git a/openbsd-compat/vis.c b/openbsd-compat/vis.c index 3cef6bafd..0e04ed025 100644 --- a/openbsd-compat/vis.c +++ b/openbsd-compat/vis.c @@ -33,12 +33,6 @@ #include "includes.h" #if !defined(HAVE_STRNVIS) || defined(BROKEN_STRNVIS) -/* - * We want these to override in the BROKEN_STRNVIS case. TO avoid future sync - * problems no-op out the weak symbol definition rather than remove it. - */ -#define DEF_WEAK(x) - #include #include #include -- cgit v1.2.3 From f901440cc844062c9bab0183d133f7ccc58ac3a5 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Wed, 19 Oct 2016 03:23:16 +1100 Subject: Import readpassphrase.c rev 1.25. Wrap so internal calls go direct and readpassphrase is weak. (DEF_WEAK is a no-op in portable.) --- openbsd-compat/readpassphrase.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'openbsd-compat') diff --git a/openbsd-compat/readpassphrase.c b/openbsd-compat/readpassphrase.c index c99b4e20c..783cc9e67 100644 --- a/openbsd-compat/readpassphrase.c +++ b/openbsd-compat/readpassphrase.c @@ -1,4 +1,4 @@ -/* $OpenBSD: readpassphrase.c,v 1.24 2013/11/24 23:51:29 deraadt Exp $ */ +/* $OpenBSD: readpassphrase.c,v 1.25 2015/09/14 10:45:27 guenther Exp $ */ /* * Copyright (c) 2000-2002, 2007, 2010 @@ -195,6 +195,7 @@ restart: errno = save_errno; return(nr == -1 ? NULL : buf); } +DEF_WEAK(readpassphrase); #if 0 char * -- cgit v1.2.3 From 8f866d8a57b9a2dc5dd04504e27f593b551618e3 Mon Sep 17 00:00:00 2001 
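Review bot: Because `#define DEF_WEAK(x)` expands to nothing, every use of the form `DEF_WEAK(name);` leaves a lone `;` at file scope, which strict ISO C compilers may warn about or reject as an empty declaration. Expanding to a harmless declaration keeps the upstream lines untouched and avoids that, for example `#define DEF_WEAK(x) struct def_weak_unused` (the tag name is made up for this note). The define is also unconditional, so wrapping it in `#ifndef DEF_WEAK` would avoid a redefinition warning on any platform whose headers already provide the macro.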
From: Darren Tucker Date: Wed, 19 Oct 2016 03:26:09 +1100 Subject: Import readpassphrase.c rev 1.26. Author: miller@openbsd.org: Avoid generate SIGTTOU when restoring the terminal mode. If we get SIGTTOU it means the process is not in the foreground process group which, in most cases, means that the shell has taken control of the tty. Requiring the user the fg the process in this case doesn't make sense and can result in both SIGTSTP and SIGTTOU being sent which can lead to the process being suspended again immediately after being brought into the foreground. --- openbsd-compat/readpassphrase.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'openbsd-compat') diff --git a/openbsd-compat/readpassphrase.c b/openbsd-compat/readpassphrase.c index 783cc9e67..24aed6e46 100644 --- a/openbsd-compat/readpassphrase.c +++ b/openbsd-compat/readpassphrase.c @@ -1,4 +1,4 @@ -/* $OpenBSD: readpassphrase.c,v 1.25 2015/09/14 10:45:27 guenther Exp $ */ +/* $OpenBSD: readpassphrase.c,v 1.26 2016/10/18 12:47:18 millert Exp $ */ /* * Copyright (c) 2000-2002, 2007, 2010 @@ -157,9 +157,13 @@ restart: /* Restore old terminal settings and signals. */ if (memcmp(&term, &oterm, sizeof(term)) != 0) { + const int sigttou = signo[SIGTTOU]; + + /* Ignore SIGTTOU generated when we are not the fg pgrp. */ while (tcsetattr(input, TCSAFLUSH|TCSASOFT, &oterm) == -1 && errno == EINTR && !signo[SIGTTOU]) continue; + signo[SIGTTOU] = sigttou; } (void)sigaction(SIGALRM, &savealrm, NULL); (void)sigaction(SIGHUP, &savehup, NULL); -- cgit v1.2.3 From b4e96b4c9bea4182846e4942ba2048e6d708ee54 Mon Sep 17 00:00:00 2001 
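Review bot: The loop condition `!signo[SIGTTOU]` is tested against a slot that may already be set on entry, because `sigttou` is saved but the slot is not cleared. If a SIGTTOU was recorded earlier (presumably by the handler installed before the read), the first EINTR from any signal ends the loop without a retry and the terminal keeps the modified settings. Adding `signo[SIGTTOU] = 0;` after the save and before the `while` would make the test reflect only signals raised during this `tcsetattr()` call; the saved value is put back afterwards either way. The declaration of `signo` and the handler are outside the hunk, so this should be checked against them.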
From: Darren Tucker Date: Wed, 26 Oct 2016 08:43:25 +1100 Subject: Use !=NULL instead of >0 for getdefaultproj. getdefaultproj() returns a pointer so test it for NULL inequality instead of >0. Fixes compiler warning and is more correct. Patch from David Binderman. --- openbsd-compat/port-solaris.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'openbsd-compat') diff --git a/openbsd-compat/port-solaris.c b/openbsd-compat/port-solaris.c index bb8fccb41..0e89dc326 100644 --- a/openbsd-compat/port-solaris.c +++ b/openbsd-compat/port-solaris.c @@ -213,7 +213,7 @@ solaris_set_default_project(struct passwd *pw) /* get default project, if we fail just return gracefully */ if ((defaultproject = getdefaultproj(pw->pw_name, &tempproject, &buf, - sizeof(buf))) > 0) { + sizeof(buf))) != NULL) { /* set default project */ if (setproject(defaultproject->pj_name, pw->pw_name, TASK_NORMAL) != 0) -- cgit v1.2.3 From a9ff3950b8e80ff971b4d44bbce96df27aed28af Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 28 Oct 2016 14:26:58 +1100 Subject: Move OPENSSL_NO_RIPEMD160 to compat. Move OPENSSL_NO_RIPEMD160 to compat and add ifdefs to mac.c around the ripemd160 MACs. --- digest-openssl.c | 3 +-- mac.c | 4 ++++ openbsd-compat/openssl-compat.h | 6 ++++++ 3 files changed, 11 insertions(+), 2 deletions(-) (limited to 'openbsd-compat') diff --git a/digest-openssl.c b/digest-openssl.c index 517d2a24c..13b63c2f0 100644 --- a/digest-openssl.c +++ b/digest-openssl.c @@ -32,8 +32,7 @@ #include "digest.h" #include "ssherr.h" -#if !defined(HAVE_EVP_RIPEMD160) || defined(OPENSSL_NO_RIPEMD) || \ - defined(OPENSSL_NO_RMD160) +#ifndef HAVE_EVP_RIPEMD160 # define EVP_ripemd160 NULL #endif /* HAVE_EVP_RIPEMD160 */ #ifndef HAVE_EVP_SHA256 diff --git a/mac.c b/mac.c index 6b12cd197..5ba7fae19 100644 --- a/mac.c +++ b/mac.c 
@@ -64,8 +64,10 @@ static const struct macalg macs[] = { #endif { "hmac-md5", SSH_DIGEST, SSH_DIGEST_MD5, 0, 0, 0, 0 }, { "hmac-md5-96", SSH_DIGEST, SSH_DIGEST_MD5, 96, 0, 0, 0 }, +#ifdef HAVE_EVP_RIPEMD160 { "hmac-ripemd160", SSH_DIGEST, SSH_DIGEST_RIPEMD160, 0, 0, 0, 0 }, { "hmac-ripemd160@openssh.com", SSH_DIGEST, SSH_DIGEST_RIPEMD160, 0, 0, 0, 0 }, +#endif { "umac-64@openssh.com", SSH_UMAC, 0, 0, 128, 64, 0 }, { "umac-128@openssh.com", SSH_UMAC128, 0, 0, 128, 128, 0 }, @@ -78,7 +80,9 @@ static const struct macalg macs[] = { #endif { "hmac-md5-etm@openssh.com", SSH_DIGEST, SSH_DIGEST_MD5, 0, 0, 0, 1 }, { "hmac-md5-96-etm@openssh.com", SSH_DIGEST, SSH_DIGEST_MD5, 96, 0, 0, 1 }, +#ifdef HAVE_EVP_RIPEMD160 { "hmac-ripemd160-etm@openssh.com", SSH_DIGEST, SSH_DIGEST_RIPEMD160, 0, 0, 0, 1 }, +#endif { "umac-64-etm@openssh.com", SSH_UMAC, 0, 0, 128, 64, 1 }, { "umac-128-etm@openssh.com", SSH_UMAC128, 0, 0, 128, 128, 1 }, diff --git a/openbsd-compat/openssl-compat.h b/openbsd-compat/openssl-compat.h index 3513d6011..2ae42bacf 100644 --- a/openbsd-compat/openssl-compat.h +++ b/openbsd-compat/openssl-compat.h @@ -69,6 +69,12 @@ void ssh_aes_ctr_iv(EVP_CIPHER_CTX *, int, u_char *, size_t); # endif #endif +#if defined(HAVE_EVP_RIPEMD160) +# if defined(OPENSSL_NO_RIPEMD) || defined(OPENSSL_NO_RMD160) +# undef HAVE_EVP_RIPEMD160 +# endif +#endif + /* * We overload some of the OpenSSL crypto functions with ssh_* equivalents * to automatically handle OpenSSL engine initialisation. -- cgit v1.2.3 From afec07732aa2985142f3e0b9a01eb6391f523dec Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Tue, 13 Dec 2016 10:23:03 +1100 Subject: Add strcasestr to compat library. Fixes build on (at least) Solaris 10. --- configure.ac | 1 + openbsd-compat/Makefile.in | 2 +- openbsd-compat/strcasestr.c | 69 +++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 71 insertions(+), 1 deletion(-) create mode 100644 openbsd-compat/strcasestr.c (limited to 'openbsd-compat') 
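Review bot: With the `OPENSSL_NO_RIPEMD`/`OPENSSL_NO_RMD160` test moved into openssl-compat.h, the `#ifndef HAVE_EVP_RIPEMD160` in digest-openssl.c and the new `#ifdef HAVE_EVP_RIPEMD160` guards in mac.c are only correct if this header has been included before them. The OpenSSL header that defines those macros must also come first, and neither include is visible in these hunks. If one file sees the `#undef` and the other does not, the MAC table and the digest table disagree, for instance mac.c listing the hmac-ripemd160 entries while digest-openssl.c maps `EVP_ripemd160` to NULL. A comment on the new block, for example `/* Must be included before any test of HAVE_EVP_RIPEMD160. */`, would record the dependency.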
diff --git a/configure.ac b/configure.ac index a221214d1..59582524e 100644 --- a/configure.ac +++ b/configure.ac @@ -1743,6 +1743,7 @@ AC_CHECK_FUNCS([ \ socketpair \ statfs \ statvfs \ + strcasestr \ strdup \ strerror \ strlcat \ diff --git a/openbsd-compat/Makefile.in b/openbsd-compat/Makefile.in index eedbd9eec..d51eacf65 100644 --- a/openbsd-compat/Makefile.in +++ b/openbsd-compat/Makefile.in @@ -16,7 +16,7 @@ RANLIB=@RANLIB@ INSTALL=@INSTALL@ LDFLAGS=-L. @LDFLAGS@ -OPENBSD=base64.o basename.o bcrypt_pbkdf.o bindresvport.o blowfish.o daemon.o dirname.o fmt_scaled.o getcwd.o getgrouplist.o getopt_long.o getrrsetbyname.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o pwcache.o readpassphrase.o reallocarray.o realpath.o rresvport.o setenv.o setproctitle.o sha1.o sha2.o rmd160.o md5.o sigact.o strlcat.o strlcpy.o strmode.o strnlen.o strptime.o strsep.o strtonum.o strtoll.o strtoul.o strtoull.o timingsafe_bcmp.o vis.o blowfish.o bcrypt_pbkdf.o explicit_bzero.o +OPENBSD=base64.o basename.o bcrypt_pbkdf.o bindresvport.o blowfish.o daemon.o dirname.o fmt_scaled.o getcwd.o getgrouplist.o getopt_long.o getrrsetbyname.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o pwcache.o readpassphrase.o reallocarray.o realpath.o rresvport.o setenv.o setproctitle.o sha1.o sha2.o rmd160.o md5.o sigact.o strcasestr.o strlcat.o strlcpy.o strmode.o strnlen.o strptime.o strsep.o strtonum.o strtoll.o strtoul.o strtoull.o timingsafe_bcmp.o vis.o blowfish.o bcrypt_pbkdf.o explicit_bzero.o COMPAT=arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o getrrsetbyname-ldns.o bsd-err.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-poll.o bsd-setres_id.o bsd-snprintf.o bsd-statvfs.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xcrypt.o kludge-fd_set.o diff --git a/openbsd-compat/strcasestr.c b/openbsd-compat/strcasestr.c new file mode 100644 index 000000000..4c4d1475a --- /dev/null +++ b/openbsd-compat/strcasestr.c 
@@ -0,0 +1,69 @@ +/* $OpenBSD: strcasestr.c,v 1.4 2015/08/31 02:53:57 guenther Exp $ */ +/* $NetBSD: strcasestr.c,v 1.2 2005/02/09 21:35:47 kleink Exp $ */ + +/*- + * Copyright (c) 1990, 1993 + * The Regents of the University of California. All rights reserved. + * + * This code is derived from software contributed to Berkeley by + * Chris Torek. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +/* OPENBSD ORIGINAL: lib/libc/string/strcasestr.c */ + +#include "includes.h" + +#ifndef HAVE_STRCASESTR + +#include +#include + +/* + * Find the first occurrence of find in s, ignore case. + */ +char * +strcasestr(const char *s, const char *find) +{ + char c, sc; + size_t len; + + if ((c = *find++) != 0) { + c = (char)tolower((unsigned char)c); + len = strlen(find); + do { + do { + if ((sc = *s++) == 0) + return (NULL); + } while ((char)tolower((unsigned char)sc) != c); + } while (strncasecmp(s, find, len) != 0); + s--; + } + return ((char *)s); +} +DEF_WEAK(strcasestr); + +#endif -- cgit v1.2.3 From 25275f1c9d5f01a0877d39444e8f90521a598ea0 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Tue, 13 Dec 2016 12:54:23 +1100 Subject: Add prototype for strcasestr in compat library. --- openbsd-compat/openbsd-compat.h | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'openbsd-compat') diff --git a/openbsd-compat/openbsd-compat.h b/openbsd-compat/openbsd-compat.h index 2e56203e1..f02dec63e 100644 --- a/openbsd-compat/openbsd-compat.h +++ b/openbsd-compat/openbsd-compat.h @@ -94,6 +94,10 @@ size_t strlcpy(char *dst, const char *src, size_t siz); size_t strlcat(char *dst, const char *src, size_t siz); #endif +#ifndef HAVE_STRCASESTR +char *strcasestr(const char *, const char *); +#endif + #ifndef HAVE_SETENV int setenv(register const char *name, register const char *value, int rewrite); #endif -- cgit v1.2.3 From b9b8ba3f9ed92c6220b58d70d1e6d8aa3eea1104 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Tue, 13 Dec 2016 12:56:40 +1100 Subject: Remove commented-out includes. These commented-out includes have "Still needed?" comments. Since they've been commented out for ~13 years I assert that they're not. --- openbsd-compat/openbsd-compat.h | 5 ----- 1 file changed, 5 deletions(-) (limited to 'openbsd-compat') diff --git a/openbsd-compat/openbsd-compat.h b/openbsd-compat/openbsd-compat.h index f02dec63e..cff547745 100644 --- a/openbsd-compat/openbsd-compat.h 
+++ b/openbsd-compat/openbsd-compat.h @@ -85,12 +85,10 @@ int rresvport_af(int *alport, sa_family_t af); #endif #ifndef HAVE_STRLCPY -/* #include XXX Still needed? */ size_t strlcpy(char *dst, const char *src, size_t siz); #endif #ifndef HAVE_STRLCAT -/* #include XXX Still needed? */ size_t strlcat(char *dst, const char *src, size_t siz); #endif @@ -156,7 +154,6 @@ void compat_init_setproctitle(int argc, char *argv[]); #endif #ifndef HAVE_GETGROUPLIST -/* #include XXXX Still needed ? */ int getgrouplist(const char *, gid_t, gid_t *, int *); #endif @@ -208,8 +205,6 @@ int asprintf(char **, const char *, ...); int openpty(int *, int *, char *, struct termios *, struct winsize *); #endif /* HAVE_OPENPTY */ -/* #include XXX needed? For size_t */ - #ifndef HAVE_SNPRINTF int snprintf(char *, size_t, SNPRINTF_CONST char *, ...); #endif -- cgit v1.2.3 From 5e4ebd6472d995738a2c67d618c4bd1ee2c00968 Mon Sep 17 00:00:00 2001 From: Manoj Srivastava Date: Sun, 9 Feb 2014 16:09:49 +0000 Subject: Handle SELinux authorisation roles Rejected upstream due to discomfort with magic usernames; a better approach will need an SSH protocol change. In the meantime, this came from Debian's SELinux maintainer, so we'll keep it until we have something better. Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1641 Bug-Debian: http://bugs.debian.org/394795 Last-Update: 2015-08-19 Patch-Name: selinux-role.patch --- auth.h | 1 + auth2.c | 10 ++++++++-- monitor.c | 32 +++++++++++++++++++++++++++++--- monitor.h | 2 ++ monitor_wrap.c | 22 ++++++++++++++++++++-- monitor_wrap.h | 3 ++- openbsd-compat/port-linux.c | 27 ++++++++++++++++++++------- openbsd-compat/port-linux.h | 4 ++-- platform.c | 4 ++-- platform.h | 2 +- session.c | 10 +++++----- session.h | 2 +- sshd.c | 2 +- sshpty.c | 4 ++-- sshpty.h | 2 +- 15 files changed, 97 insertions(+), 30 deletions(-) (limited to 'openbsd-compat') diff --git a/auth.h b/auth.h index 338a62da7..8c658d16e 100644 --- a/auth.h +++ b/auth.h 
@@ -62,6 +62,7 @@ struct Authctxt { char *service; struct passwd *pw; /* set if 'valid' */ char *style; + char *role; void *kbdintctxt; char *info; /* Extra info for next auth_log */ #ifdef BSD_AUTH diff --git a/auth2.c b/auth2.c index ce0d37601..461311bda 100644 --- a/auth2.c +++ b/auth2.c @@ -216,7 +216,7 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt) { Authctxt *authctxt = ctxt; Authmethod *m = NULL; - char *user, *service, *method, *style = NULL; + char *user, *service, *method, *style = NULL, *role = NULL; int authenticated = 0; if (authctxt == NULL) @@ -228,8 +228,13 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt) debug("userauth-request for user %s service %s method %s", user, service, method); debug("attempt %d failures %d", authctxt->attempt, authctxt->failures); + if ((role = strchr(user, '/')) != NULL) + *role++ = 0; + if ((style = strchr(user, ':')) != NULL) *style++ = 0; + else if (role && (style = strchr(role, ':')) != NULL) + *style++ = '\0'; if (authctxt->attempt++ == 0) { /* setup auth context */ @@ -253,8 +258,9 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt) use_privsep ? " [net]" : ""); authctxt->service = xstrdup(service); authctxt->style = style ? xstrdup(style) : NULL; + authctxt->role = role ? xstrdup(role) : NULL; if (use_privsep) - mm_inform_authserv(service, style); + mm_inform_authserv(service, style, role); userauth_banner(); if (auth2_setup_methods_lists(authctxt) != 0) packet_disconnect("no authentication methods enabled"); diff --git a/monitor.c b/monitor.c index 76d9e346a..64286a128 100644 --- a/monitor.c +++ b/monitor.c @@ -127,6 +127,7 @@ int mm_answer_sign(int, Buffer *); int mm_answer_pwnamallow(int, Buffer *); int mm_answer_auth2_read_banner(int, Buffer *); int mm_answer_authserv(int, Buffer *); +int mm_answer_authrole(int, Buffer *); int mm_answer_authpassword(int, Buffer *); int mm_answer_bsdauthquery(int, Buffer *); int mm_answer_bsdauthrespond(int, Buffer *); 
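Review bot: The user-name split added in the auth2.c hunk at `@@ -228,8 +228,13 @@` has no comment saying which forms it accepts or that `role` is unauthenticated client input. As written it handles both `user/role:style` and `user:style/role`, which is not obvious from the two `strchr()` calls; a comment such as `/* accepts user[/role][:style] and user[:style]/role; role is client-supplied and not yet validated */` above the split would record that. The role is stored only inside the `authctxt->attempt++ == 0` branch (next hunk), and nothing visible compares a role sent on a later request with the stored one, so a changed role appears to be silently ignored; input_userauth_request continues outside these hunks, so confirm that there. The new line also writes `*role++ = 0;` while the style line it adds uses `'\0'`; pick one spelling.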
@@ -204,6 +205,7 @@ struct mon_table mon_dispatch_proto20[] = { {MONITOR_REQ_SIGN, MON_ONCE, mm_answer_sign}, {MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow}, {MONITOR_REQ_AUTHSERV, MON_ONCE, mm_answer_authserv}, + {MONITOR_REQ_AUTHROLE, MON_ONCE, mm_answer_authrole}, {MONITOR_REQ_AUTH2_READ_BANNER, MON_ONCE, mm_answer_auth2_read_banner}, {MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword}, #ifdef USE_PAM @@ -786,6 +788,7 @@ mm_answer_pwnamallow(int sock, Buffer *m) /* Allow service/style information on the auth context */ monitor_permit(mon_dispatch, MONITOR_REQ_AUTHSERV, 1); + monitor_permit(mon_dispatch, MONITOR_REQ_AUTHROLE, 1); monitor_permit(mon_dispatch, MONITOR_REQ_AUTH2_READ_BANNER, 1); #ifdef USE_PAM @@ -816,14 +819,37 @@ mm_answer_authserv(int sock, Buffer *m) authctxt->service = buffer_get_string(m, NULL); authctxt->style = buffer_get_string(m, NULL); - debug3("%s: service=%s, style=%s", - __func__, authctxt->service, authctxt->style); + authctxt->role = buffer_get_string(m, NULL); + debug3("%s: service=%s, style=%s, role=%s", + __func__, authctxt->service, authctxt->style, authctxt->role); if (strlen(authctxt->style) == 0) { free(authctxt->style); authctxt->style = NULL; } + if (strlen(authctxt->role) == 0) { + free(authctxt->role); + authctxt->role = NULL; + } + + return (0); +} + +int +mm_answer_authrole(int sock, Buffer *m) +{ + monitor_permit_authentications(1); + + authctxt->role = buffer_get_string(m, NULL); + debug3("%s: role=%s", + __func__, authctxt->role); + + if (strlen(authctxt->role) == 0) { + free(authctxt->role); + authctxt->role = NULL; + } + return (0); } @@ -1458,7 +1484,7 @@ mm_answer_pty(int sock, Buffer *m) res = pty_allocate(&s->ptyfd, &s->ttyfd, s->tty, sizeof(s->tty)); if (res == 0) goto error; - pty_setowner(authctxt->pw, s->tty); + pty_setowner(authctxt->pw, s->tty, authctxt->role); buffer_put_int(m, 1); buffer_put_cstring(m, s->tty); diff --git a/monitor.h b/monitor.h index ec41404c7..4c7955d7a 100644 
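Review bot: In the monitor.c hunk at `@@ -816,14 +819,37 @@`, the new mm_answer_authrole() assigns `authctxt->role = buffer_get_string(m, NULL);` without releasing a value that mm_answer_authserv() may already have stored, because that function now reads a role from the same peer as well. Adding `free(authctxt->role);` before the assignment avoids the leak when both requests arrive. Separately, nothing in the visible patch calls mm_inform_authrole(), yet the first hunk adds `MONITOR_REQ_AUTHROLE` to `mon_dispatch_proto20` and the `@@ -786,6 +788,7 @@` hunk permits it before authentication. If no caller exists elsewhere, dropping the request type keeps the set of messages the privileged monitor accepts from the unprivileged child as small as possible.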
--- a/monitor.h +++ b/monitor.h @@ -68,6 +68,8 @@ enum monitor_reqtype { MONITOR_REQ_GSSSIGN = 150, MONITOR_ANS_GSSSIGN = 151, MONITOR_REQ_GSSUPCREDS = 152, MONITOR_ANS_GSSUPCREDS = 153, + MONITOR_REQ_AUTHROLE = 154, + }; struct monitor { diff --git a/monitor_wrap.c b/monitor_wrap.c index d5cb640af..2ff8064a0 100644 --- a/monitor_wrap.c +++ b/monitor_wrap.c @@ -327,10 +327,10 @@ mm_auth2_read_banner(void) return (banner); } -/* Inform the privileged process about service and style */ +/* Inform the privileged process about service, style, and role */ void -mm_inform_authserv(char *service, char *style) +mm_inform_authserv(char *service, char *style, char *role) { Buffer m; @@ -339,12 +339,30 @@ mm_inform_authserv(char *service, char *style) buffer_init(&m); buffer_put_cstring(&m, service); buffer_put_cstring(&m, style ? style : ""); + buffer_put_cstring(&m, role ? role : ""); mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTHSERV, &m); buffer_free(&m); } +/* Inform the privileged process about role */ + +void +mm_inform_authrole(char *role) +{ + Buffer m; + + debug3("%s entering", __func__); + + buffer_init(&m); + buffer_put_cstring(&m, role ? role : ""); + + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTHROLE, &m); + + buffer_free(&m); +} + /* Do the password authentication */ int mm_auth_password(Authctxt *authctxt, char *password) diff --git a/monitor_wrap.h b/monitor_wrap.h index 8f9dd8961..3e75867cd 100644 --- a/monitor_wrap.h +++ b/monitor_wrap.h @@ -41,7 +41,8 @@ void mm_log_handler(LogLevel, const char *, void *); int mm_is_monitor(void); DH *mm_choose_dh(int, int, int); int mm_key_sign(Key *, u_char **, u_int *, const u_char *, u_int, const char *); -void mm_inform_authserv(char *, char *); +void mm_inform_authserv(char *, char *, char *); +void mm_inform_authrole(char *); struct passwd *mm_getpwnamallow(const char *); char *mm_auth2_read_banner(void); int mm_auth_password(struct Authctxt *, char *); 
diff --git a/openbsd-compat/port-linux.c b/openbsd-compat/port-linux.c index e4c5d1b7c..e26faf08c 100644 --- a/openbsd-compat/port-linux.c +++ b/openbsd-compat/port-linux.c @@ -27,6 +27,12 @@ #include #include +#ifdef WITH_SELINUX +#include "key.h" +#include "hostfile.h" +#include "auth.h" +#endif + #include "log.h" #include "xmalloc.h" #include "port-linux.h" @@ -56,7 +62,7 @@ ssh_selinux_enabled(void) /* Return the default security context for the given username */ static security_context_t -ssh_selinux_getctxbyname(char *pwname) +ssh_selinux_getctxbyname(char *pwname, const char *role) { security_context_t sc = NULL; char *sename = NULL, *lvl = NULL; @@ -71,9 +77,16 @@ ssh_selinux_getctxbyname(char *pwname) #endif #ifdef HAVE_GET_DEFAULT_CONTEXT_WITH_LEVEL - r = get_default_context_with_level(sename, lvl, NULL, &sc); + if (role != NULL && role[0]) + r = get_default_context_with_rolelevel(sename, role, lvl, NULL, + &sc); + else + r = get_default_context_with_level(sename, lvl, NULL, &sc); #else - r = get_default_context(sename, NULL, &sc); + if (role != NULL && role[0]) + r = get_default_context_with_role(sename, role, NULL, &sc); + else + r = get_default_context(sename, NULL, &sc); #endif if (r != 0) { @@ -103,7 +116,7 @@ ssh_selinux_getctxbyname(char *pwname) /* Set the execution context to the default for the specified user */ void -ssh_selinux_setup_exec_context(char *pwname) +ssh_selinux_setup_exec_context(char *pwname, const char *role) { security_context_t user_ctx = NULL; @@ -112,7 +125,7 @@ ssh_selinux_setup_exec_context(char *pwname) debug3("%s: setting execution context", __func__); - user_ctx = ssh_selinux_getctxbyname(pwname); + user_ctx = ssh_selinux_getctxbyname(pwname, role); if (setexeccon(user_ctx) != 0) { switch (security_getenforce()) { case -1: 
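Review bot: In the hunk at `@@ -71,9 +77,16 @@`, nothing documents that `role` originates from the client-supplied user name (the text after `/`) before it reaches `get_default_context_with_rolelevel()` or `get_default_context_with_role()`. As far as this patch shows, the libselinux lookup is the only place the role is checked against what `sename` may assume, so a comment such as `/* role is client-supplied ("user/role"); the policy lookup below decides whether sename may use it */` would make that dependency explicit. The rolelevel call is also compiled under `HAVE_GET_DEFAULT_CONTEXT_WITH_LEVEL`, which assumes the role variant exists whenever the level variant does; no separate configure check is visible. The `r != 0` handling that follows lies outside the hunk.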
@@ -134,7 +147,7 @@ ssh_selinux_setup_exec_context(char *pwname) /* Set the TTY context for the specified user */ void -ssh_selinux_setup_pty(char *pwname, const char *tty) +ssh_selinux_setup_pty(char *pwname, const char *tty, const char *role) { security_context_t new_tty_ctx = NULL; security_context_t user_ctx = NULL; @@ -145,7 +158,7 @@ ssh_selinux_setup_pty(char *pwname, const char *tty) debug3("%s: setting TTY context on %s", __func__, tty); - user_ctx = ssh_selinux_getctxbyname(pwname); + user_ctx = ssh_selinux_getctxbyname(pwname, role); /* XXX: should these calls fatal() upon failure in enforcing mode? */ diff --git a/openbsd-compat/port-linux.h b/openbsd-compat/port-linux.h index 3c22a854d..c88129428 100644 --- a/openbsd-compat/port-linux.h +++ b/openbsd-compat/port-linux.h @@ -19,8 +19,8 @@ #ifdef WITH_SELINUX int ssh_selinux_enabled(void); -void ssh_selinux_setup_pty(char *, const char *); -void ssh_selinux_setup_exec_context(char *); +void ssh_selinux_setup_pty(char *, const char *, const char *); +void ssh_selinux_setup_exec_context(char *, const char *); void ssh_selinux_change_context(const char *); void ssh_selinux_setfscreatecon(const char *); #endif diff --git a/platform.c b/platform.c index 973a63e40..cd7bf5665 100644 --- a/platform.c +++ b/platform.c @@ -143,7 +143,7 @@ platform_setusercontext(struct passwd *pw) * called if sshd is running as root. */ void -platform_setusercontext_post_groups(struct passwd *pw) +platform_setusercontext_post_groups(struct passwd *pw, const char *role) { #if !defined(HAVE_LOGIN_CAP) && defined(USE_PAM) /* @@ -184,7 +184,7 @@ platform_setusercontext_post_groups(struct passwd *pw) } #endif /* HAVE_SETPCRED */ #ifdef WITH_SELINUX - ssh_selinux_setup_exec_context(pw->pw_name); + ssh_selinux_setup_exec_context(pw->pw_name, role); #endif } diff --git a/platform.h b/platform.h index ea4f9c584..60d72ffe7 100644 --- a/platform.h +++ b/platform.h 
@@ -25,7 +25,7 @@ void platform_post_fork_parent(pid_t child_pid); void platform_post_fork_child(void); int platform_privileged_uidswap(void); void platform_setusercontext(struct passwd *); -void platform_setusercontext_post_groups(struct passwd *); +void platform_setusercontext_post_groups(struct passwd *, const char *); char *platform_get_krb5_client(const char *); char *platform_krb5_get_principal_name(const char *); int platform_sys_dir_uid(uid_t); diff --git a/session.c b/session.c index a08aa69d1..ea3871eb8 100644 --- a/session.c +++ b/session.c @@ -1325,7 +1325,7 @@ safely_chroot(const char *path, uid_t uid) /* Set login name, uid, gid, and groups. */ void -do_setusercontext(struct passwd *pw) +do_setusercontext(struct passwd *pw, const char *role) { char *chroot_path, *tmp; @@ -1353,7 +1353,7 @@ do_setusercontext(struct passwd *pw) endgrent(); #endif - platform_setusercontext_post_groups(pw); + platform_setusercontext_post_groups(pw, role); if (!in_chroot && options.chroot_directory != NULL && strcasecmp(options.chroot_directory, "none") != 0) { @@ -1489,7 +1489,7 @@ do_child(Session *s, const char *command) /* Force a password change */ if (s->authctxt->force_pwchange) { - do_setusercontext(pw); + do_setusercontext(pw, s->authctxt->role); child_close_fds(); do_pwchange(s); exit(1); @@ -1511,7 +1511,7 @@ do_child(Session *s, const char *command) /* When PAM is enabled we rely on it to do the nologin check */ if (!options.use_pam) do_nologin(pw); - do_setusercontext(pw); + do_setusercontext(pw, s->authctxt->role); /* * PAM session modules in do_setusercontext may have * generated messages, so if this in an interactive @@ -1903,7 +1903,7 @@ session_pty_req(Session *s) tty_parse_modes(s->ttyfd, &n_bytes); if (!use_privsep) - pty_setowner(s->pw, s->tty); + pty_setowner(s->pw, s->tty, s->authctxt->role); /* Set window size from the packet. */ pty_change_window_size(s->ptyfd, s->row, s->col, s->xpixel, s->ypixel); 
diff --git a/session.h b/session.h index 98e1dafee..0a31dce4d 100644 --- a/session.h +++ b/session.h @@ -76,7 +76,7 @@ void session_pty_cleanup2(Session *); Session *session_new(void); Session *session_by_tty(char *); void session_close(Session *); -void do_setusercontext(struct passwd *); +void do_setusercontext(struct passwd *, const char *); void child_set_env(char ***envp, u_int *envsizep, const char *name, const char *value); diff --git a/sshd.c b/sshd.c index 4f791b92b..5a3f796d4 100644 --- a/sshd.c +++ b/sshd.c @@ -678,7 +678,7 @@ privsep_postauth(Authctxt *authctxt) reseed_prngs(); /* Drop privileges */ - do_setusercontext(authctxt->pw); + do_setusercontext(authctxt->pw, authctxt->role); skip: /* It is safe now to apply the key state */ diff --git a/sshpty.c b/sshpty.c index fe2fb5aa2..feb22b06b 100644 --- a/sshpty.c +++ b/sshpty.c @@ -187,7 +187,7 @@ pty_change_window_size(int ptyfd, u_int row, u_int col, } void -pty_setowner(struct passwd *pw, const char *tty) +pty_setowner(struct passwd *pw, const char *tty, const char *role) { struct group *grp; gid_t gid; @@ -209,7 +209,7 @@ pty_setowner(struct passwd *pw, const char *tty) strerror(errno)); #ifdef WITH_SELINUX - ssh_selinux_setup_pty(pw->pw_name, tty); + ssh_selinux_setup_pty(pw->pw_name, tty, role); #endif if (st.st_uid != pw->pw_uid || st.st_gid != gid) { diff --git a/sshpty.h b/sshpty.h index 9ec7e9a15..de7e000ae 100644 --- a/sshpty.h +++ b/sshpty.h @@ -24,5 +24,5 @@ int pty_allocate(int *, int *, char *, size_t); void pty_release(const char *); void pty_make_controlling_tty(int *, const char *); void pty_change_window_size(int, u_int, u_int, u_int, u_int); -void pty_setowner(struct passwd *, const char *); +void pty_setowner(struct passwd *, const char *, const char *); void disconnect_controlling_tty(void); -- cgit v1.2.3 From cb15899de8dc5d2e8b3869d743307d252af69643 Mon Sep 17 00:00:00 2001 
From: Colin Watson Date: Sun, 9 Feb 2014 16:10:01 +0000 Subject: Force use of DNSSEC even if "options edns0" isn't in resolv.conf This allows SSHFP DNS records to be verified if glibc 2.11 is installed. Origin: vendor, https://cvs.fedoraproject.org/viewvc/F-12/openssh/openssh-5.2p1-edns.patch?revision=1.1&view=markup Bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=572049 Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=572049 Last-Update: 2010-04-06 Patch-Name: dnssec-sshfp.patch --- dns.c | 14 +++++++++++++- openbsd-compat/getrrsetbyname.c | 10 +++++----- openbsd-compat/getrrsetbyname.h | 3 +++ 3 files changed, 21 insertions(+), 6 deletions(-) (limited to 'openbsd-compat') diff --git a/dns.c b/dns.c index e813afeae..fce2e308f 100644 --- a/dns.c +++ b/dns.c @@ -206,6 +206,7 @@ verify_host_key_dns(const char *hostname, struct sockaddr *address, { u_int counter; int result; + unsigned int rrset_flags = 0; struct rrsetinfo *fingerprints = NULL; u_int8_t hostkey_algorithm; @@ -229,8 +230,19 @@ verify_host_key_dns(const char *hostname, struct sockaddr *address, return -1; } + /* + * Original getrrsetbyname function, found on OpenBSD for example, + * doesn't accept any flag and prerequisite for obtaining AD bit in + * DNS response is set by "options edns0" in resolv.conf. + * + * Our version is more clever and use RRSET_FORCE_EDNS0 flag. + */ +#ifndef HAVE_GETRRSETBYNAME + rrset_flags |= RRSET_FORCE_EDNS0; +#endif result = getrrsetbyname(hostname, DNS_RDATACLASS_IN, - DNS_RDATATYPE_SSHFP, 0, &fingerprints); + DNS_RDATATYPE_SSHFP, rrset_flags, &fingerprints); + if (result) { verbose("DNS lookup error: %s", dns_result_totext(result)); return -1; diff --git a/openbsd-compat/getrrsetbyname.c b/openbsd-compat/getrrsetbyname.c index dc6fe0533..e061a290a 100644 --- a/openbsd-compat/getrrsetbyname.c +++ b/openbsd-compat/getrrsetbyname.c 
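Review bot: The second dns.c hunk sets `rrset_flags |= RRSET_FORCE_EDNS0;` whenever `HAVE_GETRRSETBYNAME` is undefined, but the patch only teaches openbsd-compat/getrrsetbyname.c to accept that flag. The compat library also builds `getrrsetbyname-ldns.o` (see the COMPAT list in Makefile.in), and the diffstat shows that file untouched, so it should be checked whether the ldns variant tolerates a non-zero `flags` or would now fail every SSHFP lookup with an error. If it rejects flags, narrow the guard or update that file too. The comment would also read better as `Our version is smarter and uses the RRSET_FORCE_EDNS0 flag.`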
@@ -209,8 +209,8 @@ getrrsetbyname(const char *hostname, unsigned int rdclass, goto fail; } - /* don't allow flags yet, unimplemented */ - if (flags) { + /* Allow RRSET_FORCE_EDNS0 flag only. */ + if ((flags & !RRSET_FORCE_EDNS0) != 0) { result = ERRSET_INVAL; goto fail; } @@ -226,9 +226,9 @@ getrrsetbyname(const char *hostname, unsigned int rdclass, #endif /* DEBUG */ #ifdef RES_USE_DNSSEC - /* turn on DNSSEC if EDNS0 is configured */ - if (_resp->options & RES_USE_EDNS0) - _resp->options |= RES_USE_DNSSEC; + /* turn on DNSSEC if required */ + if (flags & RRSET_FORCE_EDNS0) + _resp->options |= (RES_USE_EDNS0|RES_USE_DNSSEC); #endif /* RES_USE_DNSEC */ /* make query */ diff --git a/openbsd-compat/getrrsetbyname.h b/openbsd-compat/getrrsetbyname.h index 1283f5506..dbbc85a2a 100644 --- a/openbsd-compat/getrrsetbyname.h +++ b/openbsd-compat/getrrsetbyname.h @@ -72,6 +72,9 @@ #ifndef RRSET_VALIDATED # define RRSET_VALIDATED 1 #endif +#ifndef RRSET_FORCE_EDNS0 +# define RRSET_FORCE_EDNS0 0x0001 +#endif /* * Return codes for getrrsetbyname() -- cgit v1.2.3 From 27710ce6deb6e9a820235ac44dd82333ab330047 Mon Sep 17 00:00:00 2001 
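Review bot: The flag check in the first getrrsetbyname.c hunk uses logical NOT, so it can never reject anything: `!RRSET_FORCE_EDNS0` evaluates to 0 (the macro is defined as `0x0001` in getrrsetbyname.h), which makes `flags & 0` always zero. The comment says only RRSET_FORCE_EDNS0 is allowed, and that needs the bitwise complement: `if ((flags & ~RRSET_FORCE_EDNS0) != 0) {`. As written, unknown flag bits are silently accepted instead of producing `ERRSET_INVAL`. The body of getrrsetbyname() continues outside the hunk.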
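Review bot: In the getrrsetbyname.h hunk, `RRSET_FORCE_EDNS0` is given the value `0x0001`, the same number as `RRSET_VALIDATED` defined directly above it. The new macro is passed in the `flags` argument, while `RRSET_VALIDATED` is presumably reported back in the result structure (its use is not visible here), so the two do not collide today, but the shared value invites mixing them up. A comment on the new define would keep them apart: `/* request flag for getrrsetbyname(); not related to the RRSET_VALIDATED result flag */`.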
From: Kurt Roeckx Date: Sun, 9 Feb 2014 16:10:14 +0000 Subject: Don't check the status field of the OpenSSL version There is no reason to check the version of OpenSSL (in Debian). If it's not compatible the soname will change. OpenSSH seems to want to do a check for the soname based on the version number, but wants to keep the status of the release the same. Remove that check on the status since it doesn't tell you anything about how compatible that version is. Author: Colin Watson Bug-Debian: https://bugs.debian.org/93581 Bug-Debian: https://bugs.debian.org/664383 Bug-Debian: https://bugs.debian.org/732940 Forwarded: not-needed Last-Update: 2014-10-07 Patch-Name: no-openssl-version-status.patch --- openbsd-compat/openssl-compat.c | 6 +++--- openbsd-compat/regress/opensslvertest.c | 1 + 2 files changed, 4 insertions(+), 3 deletions(-) (limited to 'openbsd-compat') diff --git a/openbsd-compat/openssl-compat.c b/openbsd-compat/openssl-compat.c index 259fccbec..aaa953f2d 100644 --- a/openbsd-compat/openssl-compat.c +++ b/openbsd-compat/openssl-compat.c @@ -34,7 +34,7 @@ /* * OpenSSL version numbers: MNNFFPPS: major minor fix patch status * We match major, minor, fix and status (not patch) for <1.0.0. - * After that, we acceptable compatible fix versions (so we + * After that, we accept compatible fix and status versions (so we * allow 1.0.1 to work with 1.0.0). Going backwards is only allowed * within a patch series. */ @@ -55,10 +55,10 @@ ssh_compatible_openssl(long headerver, long libver) } /* - * For versions >= 1.0.0, major,minor,status must match and library + * For versions >= 1.0.0, major,minor must match and library * fix version must be equal to or newer than the header. */ - mask = 0xfff0000fL; /* major,minor,status */ + mask = 0xfff00000L; /* major,minor */ hfix = (headerver & 0x000ff000) >> 12; lfix = (libver & 0x000ff000) >> 12; if ( (headerver & mask) == (libver & mask) && lfix >= hfix) 
diff --git a/openbsd-compat/regress/opensslvertest.c b/openbsd-compat/regress/opensslvertest.c index 5d019b598..58474873d 100644 --- a/openbsd-compat/regress/opensslvertest.c +++ b/openbsd-compat/regress/opensslvertest.c @@ -35,6 +35,7 @@ struct version_test { /* built with 1.0.1b release headers */ { 0x1000101fL, 0x1000101fL, 1},/* exact match */ + { 0x1000101fL, 0x10001010L, 1}, /* different status: ok */ { 0x1000101fL, 0x1000102fL, 1}, /* newer library patch version: ok */ { 0x1000101fL, 0x1000100fL, 1}, /* older library patch version: ok */ { 0x1000101fL, 0x1000201fL, 1}, /* newer library fix version: ok */ -- cgit v1.2.3
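Review bot: The added case in opensslvertest.c pins only one direction of the relaxed check, release-status headers (`...f`) against a library with status `0`. The comment in openssl-compat.c still says status is matched for versions below 1.0.0, and no added case guards that the mask change did not leak into that branch. Two more entries would cover both: the reverse pair `{ 0x10001010L, 0x1000101fL, 1}, /* different status: ok */` and, in the pre-1.0.0 group, a constructed example such as `{ 0x0090802fL, 0x00908020L, 0}, /* different status: not ok */`. The new line also has a space before its comment where the `exact match` line above it has none.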