Upgrade to OpenSSH 5.3p1.

author: des <des@FreeBSD.org> 2009-10-01 17:12:52 +0000
committer: des <des@FreeBSD.org> 2009-10-01 17:12:52 +0000
commit: c6a1085feffa5fcd9040272aeae30e7f2466f754 (patch)
tree: 927d2417c80c4c448ee45c25269ecab7af8f482e /crypto/openssh/openbsd-compat
parent: 4f56708582006aca1db129a86ef646499265ee9a (diff)
parent: 98b8242e22b0fc941b830dcec63d235b01bd46a2 (diff)
download: FreeBSD-src-c6a1085feffa5fcd9040272aeae30e7f2466f754.zip
FreeBSD-src-c6a1085feffa5fcd9040272aeae30e7f2466f754.tar.gz
8 files changed, 39 insertions, 147 deletions
diff --git a/crypto/openssh/openbsd-compat/bsd-cygwin_util.c b/crypto/openssh/openbsd-compat/bsd-cygwin_util.c
index 38be7e3..e90c159 100644
--- a/crypto/openssh/openbsd-compat/bsd-cygwin_util.c
+++ b/crypto/openssh/openbsd-compat/bsd-cygwin_util.c
@@ -39,9 +39,6 @@
 #endif
 
 #include <sys/types.h>
-#include <sys/stat.h>
-#include <sys/utsname.h>
-#include <sys/vfs.h>
 
 #include <fcntl.h>
 #include <stdlib.h>
@@ -49,11 +46,6 @@
 #include <windows.h>
 
 #include "xmalloc.h"
-#define is_winnt       (GetVersion() < 0x80000000)
-
-#define ntsec_on(c)	((c) && strstr((c),"ntsec") && !strstr((c),"nontsec"))
-#define ntsec_off(c)	((c) && strstr((c),"nontsec"))
-#define ntea_on(c)	((c) && strstr((c),"ntea") && !strstr((c),"nontea"))
 
 int 
 binary_open(const char *filename, int flags, ...)
@@ -79,128 +71,12 @@ binary_pipe(int fd[2])
 	return (ret);
 }
 
-#define HAS_CREATE_TOKEN 1
-#define HAS_NTSEC_BY_DEFAULT 2
-#define HAS_CREATE_TOKEN_WO_NTSEC 3
-
-static int 
-has_capability(int what)
-{
-	static int inited;
-	static int has_create_token;
-	static int has_ntsec_by_default;
-	static int has_create_token_wo_ntsec;
-
-	/* 
-	 * has_capability() basically calls uname() and checks if
-	 * specific capabilities of Cygwin can be evaluated from that.
-	 * This simplifies the calling functions which only have to ask
-	 * for a capability using has_capability() instead of having
-	 * to figure that out by themselves.
-	 */
-	if (!inited) {
-		struct utsname uts;
-		
-		if (!uname(&uts)) {
-			int major_high = 0, major_low = 0, minor = 0;
-			int api_major_version = 0, api_minor_version = 0;
-			char *c;
-
-			sscanf(uts.release, "%d.%d.%d", &major_high,
-			    &major_low, &minor);
-			if ((c = strchr(uts.release, '(')) != NULL) {
-				sscanf(c + 1, "%d.%d", &api_major_version,
-				    &api_minor_version);
-			}
-			if (major_high > 1 ||
-			    (major_high == 1 && (major_low > 3 ||
-			    (major_low == 3 && minor >= 2))))
-				has_create_token = 1;
-			if (api_major_version > 0 || api_minor_version >= 56)
-				has_ntsec_by_default = 1;
-			if (major_high > 1 ||
-			    (major_high == 1 && major_low >= 5))
-				has_create_token_wo_ntsec = 1;
-			inited = 1;
-		}
-	}
-	switch (what) {
-	case HAS_CREATE_TOKEN:
-		return (has_create_token);
-	case HAS_NTSEC_BY_DEFAULT:
-		return (has_ntsec_by_default);
-	case HAS_CREATE_TOKEN_WO_NTSEC:
-		return (has_create_token_wo_ntsec);
-	}
-	return (0);
-}
-
-int
-check_nt_auth(int pwd_authenticated, struct passwd *pw)
-{
-	/*
-	* The only authentication which is able to change the user
-	* context on NT systems is the password authentication. So
-	* we deny all requsts for changing the user context if another
-	* authentication method is used.
-	*
-	* This doesn't apply to Cygwin versions >= 1.3.2 anymore which
-	* uses the undocumented NtCreateToken() call to create a user
-	* token if the process has the appropriate privileges and if
-	* CYGWIN ntsec setting is on.
-	*/
-	static int has_create_token = -1;
-
-	if (pw == NULL)
-		return 0;
-	if (is_winnt) {
-		if (has_create_token < 0) {
-			char *cygwin = getenv("CYGWIN");
-
-			has_create_token = 0;
-			if (has_capability(HAS_CREATE_TOKEN) &&
-			    (ntsec_on(cygwin) ||
-			    (has_capability(HAS_NTSEC_BY_DEFAULT) &&
-			     !ntsec_off(cygwin)) ||
-			     has_capability(HAS_CREATE_TOKEN_WO_NTSEC)))
-				has_create_token = 1;
-		}
-		if (has_create_token < 1 &&
-		    !pwd_authenticated && geteuid() != pw->pw_uid)
-			return (0);
-	}
-	return (1);
-}
-
 int
 check_ntsec(const char *filename)
 {
 	return (pathconf(filename, _PC_POSIX_PERMISSIONS));
 }
 
-void
-register_9x_service(void)
-{
-        HINSTANCE kerneldll;
-        DWORD (*RegisterServiceProcess)(DWORD, DWORD);
-
-	/* The service register mechanism in 9x/Me is pretty different from
-	 * NT/2K/XP.  In NT/2K/XP we're using a special service starter
-	 * application to register and control sshd as service.  This method
-	 * doesn't play nicely with 9x/Me.  For that reason we register here
-	 * as service when running under 9x/Me.  This function is only called
-	 * by the child sshd when it's going to daemonize.
-	 */
-	if (is_winnt)
-		return;
-	if (!(kerneldll = LoadLibrary("KERNEL32.DLL")))
-		return;
-	if (!(RegisterServiceProcess = (DWORD (*)(DWORD, DWORD))
-		GetProcAddress(kerneldll, "RegisterServiceProcess")))
-		return;
-	RegisterServiceProcess(0, 1);
-}
-
 #define NL(x) x, (sizeof (x) - 1)
 #define WENV_SIZ (sizeof (wenv_arr) / sizeof (wenv_arr[0]))
 
diff --git a/crypto/openssh/openbsd-compat/bsd-cygwin_util.h b/crypto/openssh/openbsd-compat/bsd-cygwin_util.h
index 6719b8a..39b8eb7 100644
--- a/crypto/openssh/openbsd-compat/bsd-cygwin_util.h
+++ b/crypto/openssh/openbsd-compat/bsd-cygwin_util.h
@@ -1,4 +1,4 @@
-/* $Id: bsd-cygwin_util.h,v 1.11 2004/08/30 10:42:08 dtucker Exp $ */
+/* $Id: bsd-cygwin_util.h,v 1.12 2009/03/08 00:40:28 dtucker Exp $ */
 
 /*
  * Copyright (c) 2000, 2001, Corinna Vinschen <vinschen@cygnus.com>
@@ -35,7 +35,6 @@
 #ifdef HAVE_CYGWIN
 
 #undef ERROR
-#define is_winnt       (GetVersion() < 0x80000000)
 
 #include <windows.h>
 #include <sys/cygwin.h>
@@ -43,9 +42,7 @@
 
 int binary_open(const char *, int , ...);
 int binary_pipe(int fd[2]);
-int check_nt_auth(int, struct passwd *);
 int check_ntsec(const char *);
-void register_9x_service(void);
 char **fetch_windows_environment(void);
 void free_windows_environment(char **);
 
diff --git a/crypto/openssh/openbsd-compat/daemon.c b/crypto/openssh/openbsd-compat/daemon.c
index e3a6886..3efe14c 100644
--- a/crypto/openssh/openbsd-compat/daemon.c
+++ b/crypto/openssh/openbsd-compat/daemon.c
@@ -57,18 +57,8 @@ daemon(int nochdir, int noclose)
 	case -1:
 		return (-1);
 	case 0:
-#ifdef HAVE_CYGWIN
-		register_9x_service();
-#endif
 		break;
 	default:
-#ifdef HAVE_CYGWIN
-		/*
-		 * This sleep avoids a race condition which kills the
-		 * child process if parent is started by a NT/W2K service.
-		 */
-		sleep(1);
-#endif
 		_exit(0);
 	}
 
diff --git a/crypto/openssh/openbsd-compat/getrrsetbyname.c b/crypto/openssh/openbsd-compat/getrrsetbyname.c
index 785b225..9887667 100644
--- a/crypto/openssh/openbsd-compat/getrrsetbyname.c
+++ b/crypto/openssh/openbsd-compat/getrrsetbyname.c
@@ -143,7 +143,7 @@ u_int32_t _getlong(register const u_char *);
 
 /* ************** */
 
-#define ANSWER_BUFFER_SIZE 1024*64
+#define ANSWER_BUFFER_SIZE 0xffff
 
 struct dns_query {
 	char			*name;
diff --git a/crypto/openssh/openbsd-compat/openssl-compat.c b/crypto/openssh/openbsd-compat/openssl-compat.c
index 49238ba..dd326c0 100644
--- a/crypto/openssh/openbsd-compat/openssl-compat.c
+++ b/crypto/openssh/openbsd-compat/openssl-compat.c
@@ -1,4 +1,4 @@
-/* $Id: openssl-compat.c,v 1.6 2008/02/28 08:13:52 dtucker Exp $ */
+/* $Id: openssl-compat.c,v 1.8 2009/03/07 11:22:35 dtucker Exp $ */
 
 /*
  * Copyright (c) 2005 Darren Tucker <dtucker@zip.com.au>
@@ -49,6 +49,15 @@ ssh_EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *evp)
 }
 #endif
 
+#ifdef OPENSSL_EVP_DIGESTUPDATE_VOID
+int
+ssh_EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt)
+{
+	EVP_DigestUpdate(ctx, d, cnt);
+	return 1;
+}
+#endif
+
 #ifdef	USE_OPENSSL_ENGINE
 void
 ssh_SSLeay_add_all_algorithms(void)
diff --git a/crypto/openssh/openbsd-compat/openssl-compat.h b/crypto/openssh/openbsd-compat/openssl-compat.h
index 6a1bed5..fcc7628 100644
--- a/crypto/openssh/openbsd-compat/openssl-compat.h
+++ b/crypto/openssh/openbsd-compat/openssl-compat.h
@@ -1,4 +1,4 @@
-/* $Id: openssl-compat.h,v 1.12 2008/02/28 08:22:04 dtucker Exp $ */
+/* $Id: openssl-compat.h,v 1.14 2009/03/07 11:22:35 dtucker Exp $ */
 
 /*
  * Copyright (c) 2005 Darren Tucker <dtucker@zip.com.au>
@@ -80,6 +80,10 @@ extern const EVP_CIPHER *evp_acss(void);
 #  define EVP_CIPHER_CTX_cleanup(a)	ssh_EVP_CIPHER_CTX_cleanup((a))
 # endif /* SSH_OLD_EVP */
 
+# ifdef OPENSSL_EVP_DIGESTUPDATE_VOID
+#  define EVP_DigestUpdate(a,b,c)	ssh_EVP_DigestUpdate((a),(b),(c))
+#  endif
+
 # ifdef USE_OPENSSL_ENGINE
 #  ifdef SSLeay_add_all_algorithms
 #   undef SSLeay_add_all_algorithms
diff --git a/crypto/openssh/openbsd-compat/port-aix.c b/crypto/openssh/openbsd-compat/port-aix.c
index 5b1cb73..d9c0876 100644
--- a/crypto/openssh/openbsd-compat/port-aix.c
+++ b/crypto/openssh/openbsd-compat/port-aix.c
@@ -57,6 +57,8 @@
 
 #include "port-aix.h"
 
+static char *lastlogin_msg = NULL;
+
 # ifdef HAVE_SETAUTHDB
 static char old_registry[REGISTRY_SIZE] = "";
 # endif
@@ -276,23 +278,30 @@ sys_auth_record_login(const char *user, const char *host, const char *ttynm,
     Buffer *loginmsg)
 {
 	char *msg = NULL;
-	static int msg_done = 0;
 	int success = 0;
 
 	aix_setauthdb(user);
 	if (loginsuccess((char *)user, (char *)host, (char *)ttynm, &msg) == 0) {
 		success = 1;
-		if (msg != NULL && loginmsg != NULL && !msg_done) {
+		if (msg != NULL) {
 			debug("AIX/loginsuccess: msg %s", msg);
-			buffer_append(loginmsg, msg, strlen(msg));
-			xfree(msg);
-			msg_done = 1;
+			if (lastlogin_msg == NULL)
+				lastlogin_msg = msg;
 		}
 	}
 	aix_restoreauthdb();
 	return (success);
 }
 
+char *
+sys_auth_get_lastlogin_msg(const char *user, uid_t uid)
+{
+	char *msg = lastlogin_msg;
+
+	lastlogin_msg = NULL;
+	return msg;
+}
+
 #  ifdef CUSTOM_FAILED_LOGIN
 /*
  * record_failed_login: generic "login failed" interface function
diff --git a/crypto/openssh/openbsd-compat/port-aix.h b/crypto/openssh/openbsd-compat/port-aix.h
index ecb9fea..3ac76ae 100644
--- a/crypto/openssh/openbsd-compat/port-aix.h
+++ b/crypto/openssh/openbsd-compat/port-aix.h
@@ -1,4 +1,4 @@
-/* $Id: port-aix.h,v 1.29 2008/03/09 05:36:55 dtucker Exp $ */
+/* $Id: port-aix.h,v 1.31 2009/08/20 06:20:50 dtucker Exp $ */
 
 /*
  *
@@ -71,6 +71,11 @@ int passwdexpired(char *, char **);
 # include <sys/timers.h>
 #endif
 
+/* for setpcred and friends */
+#ifdef HAVE_USERSEC_H
+# include <usersec.h>
+#endif
+
 /*
  * According to the setauthdb man page, AIX password registries must be 15
  * chars or less plus terminating NUL.
@@ -87,6 +92,8 @@ void aix_usrinfo(struct passwd *);
 int sys_auth_allowed_user(struct passwd *, Buffer *);
 # define CUSTOM_SYS_AUTH_RECORD_LOGIN 1
 int sys_auth_record_login(const char *, const char *, const char *, Buffer *);
+# define CUSTOM_SYS_AUTH_GET_LASTLOGIN_MSG
+char *sys_auth_get_lastlogin_msg(const char *, uid_t);
 # define CUSTOM_FAILED_LOGIN 1
 #endif
author	des <des@FreeBSD.org>	2009-10-01 17:12:52 +0000
committer	des <des@FreeBSD.org>	2009-10-01 17:12:52 +0000
commit	c6a1085feffa5fcd9040272aeae30e7f2466f754 (patch)
tree	927d2417c80c4c448ee45c25269ecab7af8f482e /crypto/openssh/openbsd-compat
parent	4f56708582006aca1db129a86ef646499265ee9a (diff)
parent	98b8242e22b0fc941b830dcec63d235b01bd46a2 (diff)
download	FreeBSD-src-c6a1085feffa5fcd9040272aeae30e7f2466f754.zip FreeBSD-src-c6a1085feffa5fcd9040272aeae30e7f2466f754.tar.gz