author | des <des@FreeBSD.org> | 2005-06-05 15:40:50 +0000 |
---|---|---|
committer | des <des@FreeBSD.org> | 2005-06-05 15:40:50 +0000 |
commit | 7688286f9d9a66af347e4db35573e5ba6e442cfa (patch) | |
tree | 6713f2b8723527bfa448751015d00b87e37ff7ab /crypto/openssh/openbsd-compat | |
parent | 6df3f85aaf265237b19c1600c26a6ae344183f55 (diff) | |
parent | 11a09ab416e21c995885dc0e5847151627094217 (diff) | |
This commit was generated by cvs2svn to compensate for changes in r146998,
which included commits to RCS files with non-trunk default branches.
Diffstat (limited to 'crypto/openssh/openbsd-compat')
-rw-r--r-- | crypto/openssh/openbsd-compat/bsd-arc4random.c | 8 | ||||
-rw-r--r-- | crypto/openssh/openbsd-compat/bsd-cray.c | 4 | ||||
-rw-r--r-- | crypto/openssh/openbsd-compat/bsd-cray.h | 6 | ||||
-rw-r--r-- | crypto/openssh/openbsd-compat/bsd-cygwin_util.c | 54 | ||||
-rw-r--r-- | crypto/openssh/openbsd-compat/bsd-cygwin_util.h | 4 | ||||
-rw-r--r-- | crypto/openssh/openbsd-compat/bsd-misc.c | 13 | ||||
-rw-r--r-- | crypto/openssh/openbsd-compat/bsd-misc.h | 6 | ||||
-rw-r--r-- | crypto/openssh/openbsd-compat/bsd-openpty.c | 2 | ||||
-rw-r--r-- | crypto/openssh/openbsd-compat/bsd-snprintf.c | 4 | ||||
-rw-r--r-- | crypto/openssh/openbsd-compat/getrrsetbyname.c | 2 | ||||
-rw-r--r-- | crypto/openssh/openbsd-compat/inet_ntop.c | 2 | ||||
-rw-r--r-- | crypto/openssh/openbsd-compat/mktemp.c | 5 | ||||
-rw-r--r-- | crypto/openssh/openbsd-compat/port-aix.c | 121 | ||||
-rw-r--r-- | crypto/openssh/openbsd-compat/port-aix.h | 46 | ||||
-rw-r--r-- | crypto/openssh/openbsd-compat/realpath.c | 69 | ||||
-rw-r--r-- | crypto/openssh/openbsd-compat/xmmap.c | 4 |
16 files changed, 267 insertions, 83 deletions
diff --git a/crypto/openssh/openbsd-compat/bsd-arc4random.c b/crypto/openssh/openbsd-compat/bsd-arc4random.c index 5284e1a..1eeb695 100644 --- a/crypto/openssh/openbsd-compat/bsd-arc4random.c +++ b/crypto/openssh/openbsd-compat/bsd-arc4random.c @@ -17,7 +17,7 @@ #include "includes.h" #include "log.h" -RCSID("$Id: bsd-arc4random.c,v 1.9 2004/07/18 23:30:40 djm Exp $"); +RCSID("$Id: bsd-arc4random.c,v 1.10 2005/02/16 02:01:28 djm Exp $"); #ifndef HAVE_ARC4RANDOM @@ -34,7 +34,8 @@ RCSID("$Id: bsd-arc4random.c,v 1.9 2004/07/18 23:30:40 djm Exp $"); static int rc4_ready = 0; static RC4_KEY rc4; -unsigned int arc4random(void) +unsigned int +arc4random(void) { unsigned int r = 0; static int first_time = 1; @@ -53,7 +54,8 @@ unsigned int arc4random(void) return(r); } -void arc4random_stir(void) +void +arc4random_stir(void) { unsigned char rand_buf[SEED_SIZE]; int i; diff --git a/crypto/openssh/openbsd-compat/bsd-cray.c b/crypto/openssh/openbsd-compat/bsd-cray.c index f630366..d1f1c05 100644 --- a/crypto/openssh/openbsd-compat/bsd-cray.c +++ b/crypto/openssh/openbsd-compat/bsd-cray.c @@ -1,5 +1,5 @@ /* - * $Id: bsd-cray.c,v 1.13 2004/01/30 03:34:22 dtucker Exp $ + * $Id: bsd-cray.c,v 1.14 2005/02/02 06:10:11 dtucker Exp $ * * bsd-cray.c * @@ -171,7 +171,7 @@ cray_access_denied(char *username) * record_failed_login: generic "login failed" interface function */ void -record_failed_login(const char *user, const char *ttyname) +record_failed_login(const char *user, const char *hostname, const char *ttyname) { cray_login_failure((char *)user, IA_UDBERR); } diff --git a/crypto/openssh/openbsd-compat/bsd-cray.h b/crypto/openssh/openbsd-compat/bsd-cray.h index de6ba1a..774eceb 100644 --- a/crypto/openssh/openbsd-compat/bsd-cray.h +++ b/crypto/openssh/openbsd-compat/bsd-cray.h @@ -1,4 +1,4 @@ -/* $Id: bsd-cray.h,v 1.11 2004/01/30 03:34:22 dtucker Exp $ */ +/* $Id: bsd-cray.h,v 1.12 2005/02/02 06:10:11 dtucker Exp $ */ /* * Copyright (c) 2002, Cray Inc. (Wendy Palm <wendyp@cray.com>) 
@@ -42,10 +42,10 @@ void cray_init_job(struct passwd *); void cray_job_termination_handler(int); void cray_login_failure(char *, int ); int cray_access_denied(char *); -#define CUSTOM_FAILED_LOGIN 1 -void record_failed_login(const char *, const char *); extern char cray_tmpdir[]; +#define CUSTOM_FAILED_LOGIN 1 + #ifndef IA_SSHD # define IA_SSHD IA_LOGIN #endif diff --git a/crypto/openssh/openbsd-compat/bsd-cygwin_util.c b/crypto/openssh/openbsd-compat/bsd-cygwin_util.c index 92cdba6..f53abb6 100644 --- a/crypto/openssh/openbsd-compat/bsd-cygwin_util.c +++ b/crypto/openssh/openbsd-compat/bsd-cygwin_util.c @@ -29,7 +29,7 @@ #include "includes.h" -RCSID("$Id: bsd-cygwin_util.c,v 1.12 2004/04/18 11:15:45 djm Exp $"); +RCSID("$Id: bsd-cygwin_util.c,v 1.13 2004/08/30 10:42:08 dtucker Exp $"); #ifdef HAVE_CYGWIN @@ -38,6 +38,7 @@ RCSID("$Id: bsd-cygwin_util.c,v 1.12 2004/04/18 11:15:45 djm Exp $"); #include <sys/utsname.h> #include <sys/vfs.h> #include <windows.h> +#include "xmalloc.h" #define is_winnt (GetVersion() < 0x80000000) #define ntsec_on(c) ((c) && strstr((c),"ntsec") && !strstr((c),"nontsec")) @@ -96,7 +97,6 @@ has_capability(int what) */ if (!inited) { struct utsname uts; - char *c; if (!uname(&uts)) { int major_high = 0, major_low = 0, minor = 0; 
@@ -236,4 +236,54 @@ register_9x_service(void) RegisterServiceProcess(0, 1); } +#define NL(x) x, (sizeof (x) - 1) +#define WENV_SIZ (sizeof (wenv_arr) / sizeof (wenv_arr[0])) + +static struct wenv { + const char *name; + size_t namelen; +} wenv_arr[] = { + { NL("ALLUSERSPROFILE=") }, + { NL("COMMONPROGRAMFILES=") }, + { NL("COMPUTERNAME=") }, + { NL("COMSPEC=") }, + { NL("NUMBER_OF_PROCESSORS=") }, + { NL("OS=") }, + { NL("PATH=") }, + { NL("PATHEXT=") }, + { NL("PROCESSOR_ARCHITECTURE=") }, + { NL("PROCESSOR_IDENTIFIER=") }, + { NL("PROCESSOR_LEVEL=") }, + { NL("PROCESSOR_REVISION=") }, + { NL("PROGRAMFILES=") }, + { NL("SYSTEMDRIVE=") }, + { NL("SYSTEMROOT=") }, + { NL("TMP=") }, + { NL("TEMP=") }, + { NL("WINDIR=") }, +}; + +char ** +fetch_windows_environment(void) +{ + char **e, **p; + int i, idx = 0; + + p = xmalloc(WENV_SIZ * sizeof(char *)); + for (e = environ; *e != NULL; ++e) { + for (i = 0; i < WENV_SIZ; ++i) { + if (!strncmp(*e, wenv_arr[i].name, wenv_arr[i].namelen)) + p[idx++] = *e; + } + } + p[idx] = NULL; + return p; +} + +void +free_windows_environment(char **p) +{ + xfree(p); +} + #endif /* HAVE_CYGWIN */ diff --git a/crypto/openssh/openbsd-compat/bsd-cygwin_util.h b/crypto/openssh/openbsd-compat/bsd-cygwin_util.h index 5ccb0fb..6719b8a 100644 --- a/crypto/openssh/openbsd-compat/bsd-cygwin_util.h +++ b/crypto/openssh/openbsd-compat/bsd-cygwin_util.h @@ -1,4 +1,4 @@ -/* $Id: bsd-cygwin_util.h,v 1.10 2003/08/07 06:28:16 dtucker Exp $ */ +/* $Id: bsd-cygwin_util.h,v 1.11 2004/08/30 10:42:08 dtucker Exp $ */ /* * Copyright (c) 2000, 2001, Corinna Vinschen <vinschen@cygnus.com> @@ -46,6 +46,8 @@ int binary_pipe(int fd[2]); int check_nt_auth(int, struct passwd *); int check_ntsec(const char *); void register_9x_service(void); +char **fetch_windows_environment(void); +void free_windows_environment(char **); #define open binary_open #define pipe binary_pipe 
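Review bot: `fetch_windows_environment()` allocates `WENV_SIZ` pointers but then stores the terminator with `p[idx] = NULL`, so when every name in `wenv_arr` is present the NULL is written one slot past the allocation. Nothing bounds `idx` either, so an environment that carries the same name twice writes further past the end. Allocate room for the terminator with `p = xmalloc((WENV_SIZ + 1) * sizeof(char *));` and guard the store with `if (idx < WENV_SIZ && !strncmp(*e, wenv_arr[i].name, wenv_arr[i].namelen))`. A short comment on `free_windows_environment()` should say that only the array is freed, because the entries alias `environ`.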
diff --git a/crypto/openssh/openbsd-compat/bsd-misc.c b/crypto/openssh/openbsd-compat/bsd-misc.c index 1b276b4..41f92cc 100644 --- a/crypto/openssh/openbsd-compat/bsd-misc.c +++ b/crypto/openssh/openbsd-compat/bsd-misc.c @@ -18,7 +18,7 @@ #include "includes.h" #include "xmalloc.h" -RCSID("$Id: bsd-misc.c,v 1.25 2004/08/15 08:41:00 djm Exp $"); +RCSID("$Id: bsd-misc.c,v 1.26 2005/02/25 23:07:38 dtucker Exp $"); #ifndef HAVE___PROGNAME char *__progname; @@ -122,17 +122,6 @@ int truncate(const char *path, off_t length) } #endif /* HAVE_TRUNCATE */ -#if !defined(HAVE_SETGROUPS) && defined(SETGROUPS_NOOP) -/* - * Cygwin setgroups should be a noop. - */ -int -setgroups(size_t size, const gid_t *list) -{ - return (0); -} -#endif - #if !defined(HAVE_NANOSLEEP) && !defined(HAVE_NSLEEP) int nanosleep(const struct timespec *req, struct timespec *rem) { diff --git a/crypto/openssh/openbsd-compat/bsd-misc.h b/crypto/openssh/openbsd-compat/bsd-misc.h index 33a1d70..b61ec42 100644 --- a/crypto/openssh/openbsd-compat/bsd-misc.h +++ b/crypto/openssh/openbsd-compat/bsd-misc.h @@ -1,4 +1,4 @@ -/* $Id: bsd-misc.h,v 1.17 2004/08/15 08:41:00 djm Exp $ */ +/* $Id: bsd-misc.h,v 1.18 2005/02/25 23:07:38 dtucker Exp $ */ /* * Copyright (c) 1999-2004 Damien Miller <djm@mindrot.org> @@ -67,10 +67,6 @@ int utimes(char *, struct timeval *); int truncate (const char *, off_t); #endif /* HAVE_TRUNCATE */ -#if !defined(HAVE_SETGROUPS) && defined(SETGROUPS_NOOP) -int setgroups(size_t, const gid_t *); -#endif - #if !defined(HAVE_NANOSLEEP) && !defined(HAVE_NSLEEP) #ifndef HAVE_STRUCT_TIMESPEC struct timespec { diff --git a/crypto/openssh/openbsd-compat/bsd-openpty.c b/crypto/openssh/openbsd-compat/bsd-openpty.c index daf5f8b..8eb62b7 100644 --- a/crypto/openssh/openbsd-compat/bsd-openpty.c +++ b/crypto/openssh/openbsd-compat/bsd-openpty.c 
@@ -102,7 +102,6 @@ openpty(int *amaster, int *aslave, char *name, struct termios *termp, return (-1); } -#ifndef HAVE_CYGWIN /* * Try to push the appropriate streams modules, as described * in Solaris pts(7). @@ -112,7 +111,6 @@ openpty(int *amaster, int *aslave, char *name, struct termios *termp, # ifndef __hpux ioctl(*aslave, I_PUSH, "ttcompat"); # endif /* __hpux */ -#endif /* HAVE_CYGWIN */ return (0); diff --git a/crypto/openssh/openbsd-compat/bsd-snprintf.c b/crypto/openssh/openbsd-compat/bsd-snprintf.c index e4d8a43..b5a7ef7 100644 --- a/crypto/openssh/openbsd-compat/bsd-snprintf.c +++ b/crypto/openssh/openbsd-compat/bsd-snprintf.c @@ -58,7 +58,7 @@ #include "includes.h" -RCSID("$Id: bsd-snprintf.c,v 1.7 2003/05/18 14:13:39 djm Exp $"); +RCSID("$Id: bsd-snprintf.c,v 1.9 2004/09/23 11:35:09 dtucker Exp $"); #if defined(BROKEN_SNPRINTF) /* For those with broken snprintf() */ # undef HAVE_SNPRINTF @@ -369,7 +369,7 @@ fmtstr(char *buffer, size_t *currlen, size_t maxlen, if (value == 0) value = "<NULL>"; - for (strln = 0; value[strln]; ++strln); /* strlen */ + for (strln = 0; strln < max && value[strln]; ++strln); /* strlen */ padlen = min - strln; if (padlen < 0) padlen = 0; diff --git a/crypto/openssh/openbsd-compat/getrrsetbyname.c b/crypto/openssh/openbsd-compat/getrrsetbyname.c index 660427c..4e869c4 100644 --- a/crypto/openssh/openbsd-compat/getrrsetbyname.c +++ b/crypto/openssh/openbsd-compat/getrrsetbyname.c @@ -277,7 +277,7 @@ getrrsetbyname(const char *hostname, unsigned int rdclass, /* allocate memory for signatures */ rrset->rri_sigs = calloc(rrset->rri_nsigs, sizeof(struct rdatainfo)); - if (rrset->rri_sigs == NULL) { + if (rrset->rri_nsigs > 0 && rrset->rri_sigs == NULL) { result = ERRSET_NOMEMORY; goto fail; } diff --git a/crypto/openssh/openbsd-compat/inet_ntop.c b/crypto/openssh/openbsd-compat/inet_ntop.c index 7031625..47796c3 100644 --- a/crypto/openssh/openbsd-compat/inet_ntop.c +++ b/crypto/openssh/openbsd-compat/inet_ntop.c 
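Review bot: In the `fmtstr()` hunk of bsd-snprintf.c the trailing `/* strlen */` comment no longer describes the loop, which is now a length scan capped at `max`. The cap only behaves as intended if `max` is never negative when it reaches this point; whether the caller normalises an absent precision is outside the hunk and should be confirmed. I would replace the comment with `/* strnlen: stop at max so a %.Ns argument need not be NUL-terminated */` and put the empty loop body on its own line so the `;` is not overlooked.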
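Review bot: The new test in `getrrsetbyname()` accepts a NULL `rrset->rri_sigs` whenever `rri_nsigs` is zero, and the reason is not stated next to it. A comment such as `/* calloc(0, n) may return NULL; that is only a failure when signatures were expected */` would make the intent clear. Any later code that walks `rri_sigs` has to stay bounded by `rri_nsigs`; that code, and whether an earlier allocation in the function needs the same treatment, lies outside the hunk.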
@@ -35,9 +35,7 @@ static char rcsid[] = "$OpenBSD: inet_ntop.c,v 1.5 2002/08/23 16:27:31 itojun Ex #include <sys/socket.h> #include <netinet/in.h> #include <arpa/inet.h> -#ifndef HAVE_CYGWIN #include <arpa/nameser.h> -#endif #include <string.h> #include <errno.h> #include <stdio.h> diff --git a/crypto/openssh/openbsd-compat/mktemp.c b/crypto/openssh/openbsd-compat/mktemp.c index aff8d20..969f695 100644 --- a/crypto/openssh/openbsd-compat/mktemp.c +++ b/crypto/openssh/openbsd-compat/mktemp.c @@ -40,11 +40,6 @@ static char rcsid[] = "$OpenBSD: mktemp.c,v 1.17 2003/06/02 20:18:37 millert Exp $"; #endif /* LIBC_SCCS and not lint */ -#ifdef HAVE_CYGWIN -#define open binary_open -extern int binary_open(); -#endif - static int _gettemp(char *, int *, int, int); int diff --git a/crypto/openssh/openbsd-compat/port-aix.c b/crypto/openssh/openbsd-compat/port-aix.c index 78f4fae..fa6a4ff 100644 --- a/crypto/openssh/openbsd-compat/port-aix.c +++ b/crypto/openssh/openbsd-compat/port-aix.c @@ -1,6 +1,7 @@ /* * * Copyright (c) 2001 Gert Doering. All rights reserved. + * Copyright (c) 2003,2004 Darren Tucker. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -27,19 +28,15 @@ #include "auth.h" #include "ssh.h" #include "log.h" -#include "servconf.h" -#include "canohost.h" #include "xmalloc.h" #include "buffer.h" #ifdef _AIX #include <uinfo.h> +#include <sys/socket.h> #include "port-aix.h" -extern ServerOptions options; -extern Buffer loginmsg; - # ifdef HAVE_SETAUTHDB static char old_registry[REGISTRY_SIZE] = ""; # endif @@ -51,6 +48,8 @@ static char old_registry[REGISTRY_SIZE] = ""; * NOTE: TTY= should be set, but since no one uses it and it's hard to * acquire due to privsep code. We will just drop support. */ + + void aix_usrinfo(struct passwd *pw) { 
@@ -92,6 +91,59 @@ aix_remove_embedded_newlines(char *p) } /* + * Test specifically for the case where SYSTEM == NONE and AUTH1 contains + * anything other than NONE or SYSTEM, which indicates that the admin has + * configured the account for purely AUTH1-type authentication. + * + * Since authenticate() doesn't check AUTH1, and sshd can't sanely support + * AUTH1 itself, in such a case authenticate() will allow access without + * authentation, which is almost certainly not what the admin intends. + * + * (The native tools, eg login, will process the AUTH1 list in addition to + * the SYSTEM list by using ckuserID(), however ckuserID() and AUTH1 methods + * have been deprecated since AIX 4.2.x and would be very difficult for sshd + * to support. + * + * Returns 0 if an unsupportable combination is found, 1 otherwise. + */ +static int +aix_valid_authentications(const char *user) +{ + char *auth1, *sys, *p; + int valid = 1; + + if (getuserattr((char *)user, S_AUTHSYSTEM, &sys, SEC_CHAR) != 0) { + logit("Can't retrieve attribute SYSTEM for %s: %.100s", + user, strerror(errno)); + return 0; + } + + debug3("AIX SYSTEM attribute %s", sys); + if (strcmp(sys, "NONE") != 0) + return 1; /* not "NONE", so is OK */ + + if (getuserattr((char *)user, S_AUTH1, &auth1, SEC_LIST) != 0) { + logit("Can't retrieve attribute auth1 for %s: %.100s", + user, strerror(errno)); + return 0; + } + + p = auth1; + /* A SEC_LIST is concatenated strings, ending with two NULs. */ + while (p[0] != '\0' && p[1] != '\0') { + debug3("AIX auth1 attribute list member %s", p); + if (strcmp(p, "NONE") != 0 && strcmp(p, "SYSTEM")) { + logit("Account %s has unsupported auth1 value '%s'", + user, p); + valid = 0; + } + p += strlen(p) + 1; + } + + return (valid); +} + +/* * Do authentication via AIX's authenticate routine. We loop until the * reenter parameter is 0, but normally authenticate is called only once. * 
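Review bot: The list walk `while (p[0] != '\0' && p[1] != '\0')` in `aix_valid_authentications()` stops as soon as it reaches a one-character member, because that member's own terminator is `p[1]`; that member and everything after it are never compared, so `valid` stays 1. After the last member the cursor lands on the second NUL, so `while (*p != '\0') {` is sufficient to find the end of a SEC_LIST. Whether AIX accepts one-character auth1 method names is not visible here, but a check that is meant to fail closed should not depend on it. The second comparison should read `strcmp(p, "SYSTEM") != 0` to match the first, and the header comment has a typo ("authentation") and an unclosed parenthesis.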
@@ -99,7 +151,7 @@ aix_remove_embedded_newlines(char *p) * returns 0. */ int -sys_auth_passwd(Authctxt *ctxt, const char *password) +sys_auth_passwd(Authctxt *ctxt, const char *password, Buffer *loginmsg) { char *authmsg = NULL, *msg, *name = ctxt->pw->pw_name; int authsuccess = 0, expired, reenter, result; @@ -112,6 +164,9 @@ sys_auth_passwd(Authctxt *ctxt, const char *password) authmsg); } while (reenter); + if (!aix_valid_authentications(name)) + result = -1; + if (result == 0) { authsuccess = 1; @@ -126,7 +181,7 @@ sys_auth_passwd(Authctxt *ctxt, const char *password) */ expired = passwdexpired(name, &msg); if (msg && *msg) { - buffer_append(&loginmsg, msg, strlen(msg)); + buffer_append(loginmsg, msg, strlen(msg)); aix_remove_embedded_newlines(msg); } debug3("AIX/passwdexpired returned %d msg %.100s", expired, msg); @@ -136,7 +191,6 @@ sys_auth_passwd(Authctxt *ctxt, const char *password) break; case 1: /* expired, password change required */ ctxt->force_pwchange = 1; - disable_forwarding(); break; default: /* user can't change(2) or other error (-1) */ logit("Password can't be changed for user %s: %.100s", @@ -160,7 +214,7 @@ sys_auth_passwd(Authctxt *ctxt, const char *password) * Returns 1 if login is allowed, 0 if not allowed. */ int -sys_auth_allowed_user(struct passwd *pw) +sys_auth_allowed_user(struct passwd *pw, Buffer *loginmsg) { char *msg = NULL; int result, permitted = 0; @@ -187,7 +241,7 @@ sys_auth_allowed_user(struct passwd *pw) if (result == -1 && errno == EPERM && stat(_PATH_NOLOGIN, &st) == 0) permitted = 1; else if (msg != NULL) - buffer_append(&loginmsg, msg, strlen(msg)); + buffer_append(loginmsg, msg, strlen(msg)); if (msg == NULL) msg = xstrdup("(none)"); aix_remove_embedded_newlines(msg); 
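Review bot: The `aix_valid_authentications(name)` call added after the `authenticate()` loop in `sys_auth_passwd()` has no comment and runs on every attempt, so it also queries the user database and may log for attempts whose `result` is already non-zero. Writing it as `if (result == 0 && !aix_valid_authentications(name)) result = -1;` keeps the rejection and removes the extra lookups. It should carry a comment like `/* authenticate() ignores AUTH1; refuse accounts it would admit unauthenticated */`. A later hunk in this file removes `disable_forwarding()` from the expired-password case; whether the caller now restricts forwarding when `force_pwchange` is set cannot be seen from this page and should be confirmed.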
@@ -200,17 +254,18 @@ sys_auth_allowed_user(struct passwd *pw) } int -sys_auth_record_login(const char *user, const char *host, const char *ttynm) +sys_auth_record_login(const char *user, const char *host, const char *ttynm, + Buffer *loginmsg) { char *msg; int success = 0; aix_setauthdb(user); - if (loginsuccess((char *)user, host, ttynm, &msg) == 0) { + if (loginsuccess((char *)user, (char *)host, (char *)ttynm, &msg) == 0) { success = 1; if (msg != NULL) { - debug("AIX/loginsuccess: msg %s", __func__, msg); - buffer_append(&loginmsg, msg, strlen(msg)); + debug("AIX/loginsuccess: msg %s", msg); + buffer_append(loginmsg, msg, strlen(msg)); xfree(msg); } } @@ -223,18 +278,17 @@ sys_auth_record_login(const char *user, const char *host, const char *ttynm) * record_failed_login: generic "login failed" interface function */ void -record_failed_login(const char *user, const char *ttyname) +record_failed_login(const char *user, const char *hostname, const char *ttyname) { - char *hostname = (char *)get_canonical_hostname(options.use_dns); - if (geteuid() != 0) return; aix_setauthdb(user); # ifdef AIX_LOGINFAILED_4ARG - loginfailed((char *)user, hostname, (char *)ttyname, AUDIT_FAIL_AUTH); + loginfailed((char *)user, (char *)hostname, (char *)ttyname, + AUDIT_FAIL_AUTH); # else - loginfailed((char *)user, hostname, (char *)ttyname); + loginfailed((char *)user, (char *)hostname, (char *)ttyname); # endif aix_restoreauthdb(); } 
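Review bot: `sys_auth_record_login()` logs the message returned by `loginsuccess()` with an unbounded `%s` and without stripping newlines. The other two functions in this file call `aix_remove_embedded_newlines(msg)` after `buffer_append()` and log with `%.100s`. For consistent, single-line log records I would do the same here: append to `loginmsg` first, then `aix_remove_embedded_newlines(msg);` and `debug("AIX/loginsuccess: msg %.100s", msg);`. In the `record_failed_login()` hunk `hostname` is now supplied by the caller and passed straight to `loginfailed()`; whether it can be NULL is not visible here.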
@@ -291,4 +345,33 @@ aix_restoreauthdb(void) # endif /* WITH_AIXAUTHENTICATE */ +# if defined(AIX_GETNAMEINFO_HACK) && !defined(BROKEN_ADDRINFO) +# undef getnameinfo +/* + * For some reason, AIX's getnameinfo will refuse to resolve the all-zeros + * IPv6 address into its textual representation ("::"), so we wrap it + * with a function that will. + */ +int +sshaix_getnameinfo(const struct sockaddr *sa, size_t salen, char *host, + size_t hostlen, char *serv, size_t servlen, int flags) +{ + struct sockaddr_in6 *sa6; + u_int32_t *a6; + + if (flags & (NI_NUMERICHOST|NI_NUMERICSERV) && + sa->sa_family == AF_INET6) { + sa6 = (struct sockaddr_in6 *)sa; + a6 = sa6->sin6_addr.u6_addr.u6_addr32; + + if (a6[0] == 0 && a6[1] == 0 && a6[2] == 0 && a6[3] == 0) { + strlcpy(host, "::", hostlen); + snprintf(serv, servlen, "%d", sa6->sin6_port); + return 0; + } + } + return getnameinfo(sa, salen, host, hostlen, serv, servlen, flags); +} +# endif /* AIX_GETNAMEINFO_HACK */ + #endif /* _AIX */ diff --git a/crypto/openssh/openbsd-compat/port-aix.h b/crypto/openssh/openbsd-compat/port-aix.h index 29e9751..a05ce970 100644 --- a/crypto/openssh/openbsd-compat/port-aix.h +++ b/crypto/openssh/openbsd-compat/port-aix.h @@ -1,4 +1,4 @@ -/* $Id: port-aix.h,v 1.21 2004/08/14 14:09:12 dtucker Exp $ */ +/* $Id: port-aix.h,v 1.24 2005/02/16 11:49:31 dtucker Exp $ */ /* * @@ -27,6 +27,13 @@ #ifdef _AIX +#ifdef HAVE_SYS_SOCKET_H +# include <sys/socket.h> +#endif +#ifdef HAVE_UNISTD_H +# include <unistd.h> /* for seteuid() */ +#endif + #ifdef WITH_AIXAUTHENTICATE # include <login.h> # include <userpw.h> 
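Review bot: The guard around `sshaix_getnameinfo()` in port-aix.c tests `!defined(BROKEN_ADDRINFO)`, while the matching block in port-aix.h tests `!defined(BROKEN_GETADDRINFO)`. If only one of the two macros is defined, the header can redirect `getnameinfo` to a wrapper that is not compiled, or the wrapper is compiled but never used. Both sites should use the same macro, whichever one configure actually sets. Inside the wrapper, `snprintf(serv, servlen, "%d", sa6->sin6_port);` prints the port without converting from network byte order; `snprintf(serv, servlen, "%u", (unsigned int)ntohs(sa6->sin6_port));` is correct regardless of host endianness. The test `flags & (NI_NUMERICHOST|NI_NUMERICSERV)` also fires when only one of the two flags is set, which deserves a comment if intended.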
@@ -36,6 +43,28 @@ # include <usersec.h> #endif +#include "buffer.h" + +/* These should be in the system headers but are not. */ +int usrinfo(int, char *, int); +int setauthdb(const char *, char *); +/* these may or may not be in the headers depending on the version */ +#if (HAVE_DECL_AUTHENTICATE == 0) +int authenticate(char *, char *, int *, char **); +#endif +#if (HAVE_DECL_LOGINFAILED == 0) +int loginfailed(char *, char *, char *); +#endif +#if (HAVE_DECL_LOGINRESTRICTIONS == 0) +int loginrestrictions(char *, int, char *, char **); +#endif +#if (HAVE_DECL_LOGINSUCCESS == 0) +int loginsuccess(char *, char *, char *, char **); +#endif +#if (HAVE_DECL_PASSWDEXPIRED == 0) +int passwdexpired(char *, char **); +#endif + /* Some versions define r_type in the above headers, which causes a conflict */ #ifdef r_type # undef r_type @@ -64,14 +93,23 @@ void aix_usrinfo(struct passwd *); #ifdef WITH_AIXAUTHENTICATE # define CUSTOM_SYS_AUTH_PASSWD 1 # define CUSTOM_SYS_AUTH_ALLOWED_USER 1 -int sys_auth_allowed_user(struct passwd *); +int sys_auth_allowed_user(struct passwd *, Buffer *); # define CUSTOM_SYS_AUTH_RECORD_LOGIN 1 -int sys_auth_record_login(const char *, const char *, const char *); +int sys_auth_record_login(const char *, const char *, const char *, Buffer *); # define CUSTOM_FAILED_LOGIN 1 -void record_failed_login(const char *, const char *); #endif void aix_setauthdb(const char *); void aix_restoreauthdb(void); void aix_remove_embedded_newlines(char *); + +#if defined(AIX_GETNAMEINFO_HACK) && !defined(BROKEN_GETADDRINFO) +# ifdef getnameinfo +# undef getnameinfo +# endif +int sshaix_getnameinfo(const struct sockaddr *, size_t, char *, size_t, + char *, size_t, int); +# define getnameinfo(a,b,c,d,e,f,g) (sshaix_getnameinfo(a,b,c,d,e,f,g)) +#endif + #endif /* _AIX */ diff --git a/crypto/openssh/openbsd-compat/realpath.c b/crypto/openssh/openbsd-compat/realpath.c index 218fbec..7f73bd9 100644 --- a/crypto/openssh/openbsd-compat/realpath.c 
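Review bot: The fallback prototype `int loginfailed(char *, char *, char *);` in port-aix.h conflicts with the four-argument call made in port-aix.c under `AIX_LOGINFAILED_4ARG`. On a system where the header lacks the declaration but the four-argument form is the real one, the file would fail to compile or call through a wrong prototype. The fallback should follow the same macro as the call site. The type of the fourth parameter is assumed from the `AUDIT_FAIL_AUTH` argument and should be checked against the AIX headers.
```c
/* these may or may not be in the headers depending on the version */
#if (HAVE_DECL_LOGINFAILED == 0)
# ifdef AIX_LOGINFAILED_4ARG
int loginfailed(char *, char *, char *, int);
# else
int loginfailed(char *, char *, char *);
# endif
#endif
/* … unchanged: the other HAVE_DECL_* fallback prototypes … */
```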
+++ b/crypto/openssh/openbsd-compat/realpath.c @@ -37,7 +37,7 @@ #if !defined(HAVE_REALPATH) || defined(BROKEN_REALPATH) #if defined(LIBC_SCCS) && !defined(lint) -static char *rcsid = "$OpenBSD: realpath.c,v 1.10 2003/08/01 21:04:59 millert Exp $"; +static char *rcsid = "$OpenBSD: realpath.c,v 1.11 2004/11/30 15:12:59 millert Exp $"; #endif /* LIBC_SCCS and not lint */ #include <sys/param.h> @@ -67,17 +67,25 @@ char * realpath(const char *path, char *resolved) { struct stat sb; - int fd, n, needslash, serrno = 0; - char *p, *q, wbuf[MAXPATHLEN], start[MAXPATHLEN]; + int fd, n, needslash, serrno; + char *p, *q, wbuf[MAXPATHLEN]; int symlinks = 0; /* Save the starting point. */ - getcwd(start,MAXPATHLEN); +#ifndef HAVE_FCHDIR + char start[MAXPATHLEN]; + /* this is potentially racy but without fchdir we have no option */ + if (getcwd(start, sizeof(start)) == NULL) { + resolved[0] = '.'; + resolved[1] = '\0'; + return (NULL); + } +#endif if ((fd = open(".", O_RDONLY)) < 0) { - (void)strlcpy(resolved, ".", MAXPATHLEN); + resolved[0] = '.'; + resolved[1] = '\0'; return (NULL); } - close(fd); /* Convert "." -> "" to optimize away a needless lstat() and chdir() */ if (path[0] == '.' && path[1] == '\0') @@ -91,7 +99,10 @@ realpath(const char *path, char *resolved) * if it is a directory, then change to that directory. * get the current directory name and append the basename. */ - strlcpy(resolved, path, MAXPATHLEN); + if (strlcpy(resolved, path, MAXPATHLEN) >= MAXPATHLEN) { + serrno = ENAMETOOLONG; + goto err2; + } loop: q = strrchr(resolved, '/'); if (q != NULL) { @@ -114,11 +125,10 @@ loop: if (*p != '\0' && lstat(p, &sb) == 0) { if (S_ISLNK(sb.st_mode)) { if (++symlinks > MAXSYMLINKS) { - serrno = ELOOP; + errno = ELOOP; goto err1; } - n = readlink(p, resolved, MAXPATHLEN-1); - if (n < 0) + if ((n = readlink(p, resolved, MAXPATHLEN-1)) < 0) goto err1; resolved[n] = '\0'; goto loop; 
@@ -134,8 +144,11 @@ loop: * Save the last component name and get the full pathname of * the current directory. */ - (void)strlcpy(wbuf, p, sizeof wbuf); - if (getcwd(resolved, MAXPATHLEN) == 0) + if (strlcpy(wbuf, p, sizeof(wbuf)) >= sizeof(wbuf)) { + errno = ENAMETOOLONG; + goto err1; + } + if (getcwd(resolved, MAXPATHLEN) == NULL) goto err1; /* @@ -149,23 +162,43 @@ loop: if (*wbuf) { if (strlen(resolved) + strlen(wbuf) + needslash >= MAXPATHLEN) { - serrno = ENAMETOOLONG; + errno = ENAMETOOLONG; + goto err1; + } + if (needslash) { + if (strlcat(resolved, "/", MAXPATHLEN) >= MAXPATHLEN) { + errno = ENAMETOOLONG; + goto err1; + } + } + if (strlcat(resolved, wbuf, MAXPATHLEN) >= MAXPATHLEN) { + errno = ENAMETOOLONG; goto err1; } - if (needslash) - strlcat(resolved, "/", MAXPATHLEN); - strlcat(resolved, wbuf, MAXPATHLEN); } /* Go back to where we came from. */ +#ifdef HAVE_FCHDIR + if (fchdir(fd) < 0) { +#else if (chdir(start) < 0) { +#endif serrno = errno; goto err2; } + + /* It's okay if the close fails, what's an fd more or less? */ + (void)close(fd); return (resolved); -err1: chdir(start); -err2: errno = serrno; +err1: serrno = errno; +#ifdef HAVE_FCHDIR + (void)fchdir(fd); +#else + chdir(start); +#endif +err2: (void)close(fd); + errno = serrno; return (NULL); } #endif /* !defined(HAVE_REALPATH) || defined(BROKEN_REALPATH) */ diff --git a/crypto/openssh/openbsd-compat/xmmap.c b/crypto/openssh/openbsd-compat/xmmap.c index c8d59de..74e8a8b 100644 --- a/crypto/openssh/openbsd-compat/xmmap.c +++ b/crypto/openssh/openbsd-compat/xmmap.c @@ -23,7 +23,7 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -/* $Id: xmmap.c,v 1.5 2004/08/14 13:55:38 dtucker Exp $ */ +/* $Id: xmmap.c,v 1.6 2004/10/06 13:15:44 dtucker Exp $ */ #include "includes.h" 
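Review bot: The `err1` path in `realpath()` discards the result of restoring the working directory, since both `(void)fchdir(fd);` and `chdir(start);` ignore failure. The function can therefore return NULL while the process remains in whichever directory the walk last entered, and relative paths the caller resolves afterwards would start from there. In the fallback branch, `chdir(start)` is also by-name, so it can land somewhere else if a path component was replaced meanwhile, as the comment added at the top of the function acknowledges. At minimum the label should say so, e.g. `/* best effort: cwd may be left changed if this fails */`, and the fallback should be written `(void)chdir(start);` to match the fchdir branch. The body of the function continues outside these hunks.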
@@ -47,7 +47,7 @@ void *xmmap(size_t size) # endif #define MM_SWAP_TEMPLATE "/var/run/sshd.mm.XXXXXXXX" - if (address == MAP_FAILED) { + if (address == (void *)MAP_FAILED) { char tmpname[sizeof(MM_SWAP_TEMPLATE)] = MM_SWAP_TEMPLATE; int tmpfd; mode_t old_umask; |