summaryrefslogtreecommitdiffstats
path: root/crypto/openssh/openbsd-compat
diff options
context:
space:
mode:
Diffstat (limited to 'crypto/openssh/openbsd-compat')
-rw-r--r--crypto/openssh/openbsd-compat/bsd-cygwin_util.c9
-rw-r--r--crypto/openssh/openbsd-compat/openbsd-compat.h10
-rw-r--r--crypto/openssh/openbsd-compat/openssl-compat.c3
-rw-r--r--crypto/openssh/openbsd-compat/port-aix.c25
-rw-r--r--crypto/openssh/openbsd-compat/port-aix.h6
-rw-r--r--crypto/openssh/openbsd-compat/port-linux.c98
-rw-r--r--crypto/openssh/openbsd-compat/port-linux.h8
-rw-r--r--crypto/openssh/openbsd-compat/pwcache.c114
-rw-r--r--crypto/openssh/openbsd-compat/readpassphrase.c78
9 files changed, 304 insertions, 47 deletions
diff --git a/crypto/openssh/openbsd-compat/bsd-cygwin_util.c b/crypto/openssh/openbsd-compat/bsd-cygwin_util.c
index e90c159..e9fa3a0 100644
--- a/crypto/openssh/openbsd-compat/bsd-cygwin_util.c
+++ b/crypto/openssh/openbsd-compat/bsd-cygwin_util.c
@@ -85,23 +85,14 @@ static struct wenv {
size_t namelen;
} wenv_arr[] = {
{ NL("ALLUSERSPROFILE=") },
- { NL("COMMONPROGRAMFILES=") },
{ NL("COMPUTERNAME=") },
{ NL("COMSPEC=") },
{ NL("CYGWIN=") },
- { NL("NUMBER_OF_PROCESSORS=") },
{ NL("OS=") },
{ NL("PATH=") },
{ NL("PATHEXT=") },
- { NL("PROCESSOR_ARCHITECTURE=") },
- { NL("PROCESSOR_IDENTIFIER=") },
- { NL("PROCESSOR_LEVEL=") },
- { NL("PROCESSOR_REVISION=") },
- { NL("PROGRAMFILES=") },
{ NL("SYSTEMDRIVE=") },
{ NL("SYSTEMROOT=") },
- { NL("TMP=") },
- { NL("TEMP=") },
{ NL("WINDIR=") }
};
diff --git a/crypto/openssh/openbsd-compat/openbsd-compat.h b/crypto/openssh/openbsd-compat/openbsd-compat.h
index 50c6d99..cad2408 100644
--- a/crypto/openssh/openbsd-compat/openbsd-compat.h
+++ b/crypto/openssh/openbsd-compat/openbsd-compat.h
@@ -1,4 +1,4 @@
-/* $Id: openbsd-compat.h,v 1.46 2008/06/08 17:32:29 dtucker Exp $ */
+/* $Id: openbsd-compat.h,v 1.49 2010/01/16 12:58:37 dtucker Exp $ */
/*
* Copyright (c) 1999-2003 Damien Miller. All rights reserved.
@@ -200,6 +200,14 @@ int vasprintf(char **, const char *, va_list);
int vsnprintf(char *, size_t, const char *, va_list);
#endif
+#ifndef HAVE_USER_FROM_UID
+char *user_from_uid(uid_t, int);
+#endif
+
+#ifndef HAVE_GROUP_FROM_GID
+char *group_from_gid(gid_t, int);
+#endif
+
void *xmmap(size_t size);
char *xcrypt(const char *password, const char *salt);
char *shadow_pw(struct passwd *pw);
diff --git a/crypto/openssh/openbsd-compat/openssl-compat.c b/crypto/openssh/openbsd-compat/openssl-compat.c
index dd326c0..420496c 100644
--- a/crypto/openssh/openbsd-compat/openssl-compat.c
+++ b/crypto/openssh/openbsd-compat/openssl-compat.c
@@ -1,4 +1,4 @@
-/* $Id: openssl-compat.c,v 1.8 2009/03/07 11:22:35 dtucker Exp $ */
+/* $Id: openssl-compat.c,v 1.9 2010/01/28 23:54:11 dtucker Exp $ */
/*
* Copyright (c) 2005 Darren Tucker <dtucker@zip.com.au>
@@ -67,5 +67,6 @@ ssh_SSLeay_add_all_algorithms(void)
/* Enable use of crypto hardware */
ENGINE_load_builtin_engines();
ENGINE_register_all_complete();
+ OPENSSL_config(NULL);
}
#endif
diff --git a/crypto/openssh/openbsd-compat/port-aix.c b/crypto/openssh/openbsd-compat/port-aix.c
index d9c0876..0bdefbf 100644
--- a/crypto/openssh/openbsd-compat/port-aix.c
+++ b/crypto/openssh/openbsd-compat/port-aix.c
@@ -374,6 +374,31 @@ aix_restoreauthdb(void)
# endif /* WITH_AIXAUTHENTICATE */
+# ifdef USE_AIX_KRB_NAME
+/*
+ * aix_krb5_get_principal_name: returns the user's kerberos client principal name if
+ * configured, otherwise NULL. Caller must free returned string.
+ */
+char *
+aix_krb5_get_principal_name(char *pw_name)
+{
+ char *authname = NULL, *authdomain = NULL, *principal = NULL;
+
+ setuserdb(S_READ);
+ if (getuserattr(pw_name, S_AUTHDOMAIN, &authdomain, SEC_CHAR) != 0)
+ debug("AIX getuserattr S_AUTHDOMAIN: %s", strerror(errno));
+ if (getuserattr(pw_name, S_AUTHNAME, &authname, SEC_CHAR) != 0)
+ debug("AIX getuserattr S_AUTHNAME: %s", strerror(errno));
+
+ if (authdomain != NULL)
+ xasprintf(&principal, "%s@%s", authname ? authname : pw_name, authdomain);
+ else if (authname != NULL)
+ principal = xstrdup(authname);
+ enduserdb();
+ return principal;
+}
+# endif /* USE_AIX_KRB_NAME */
+
# if defined(AIX_GETNAMEINFO_HACK) && !defined(BROKEN_ADDRINFO)
# undef getnameinfo
/*
diff --git a/crypto/openssh/openbsd-compat/port-aix.h b/crypto/openssh/openbsd-compat/port-aix.h
index 3ac76ae..53e4e88 100644
--- a/crypto/openssh/openbsd-compat/port-aix.h
+++ b/crypto/openssh/openbsd-compat/port-aix.h
@@ -1,4 +1,4 @@
-/* $Id: port-aix.h,v 1.31 2009/08/20 06:20:50 dtucker Exp $ */
+/* $Id: port-aix.h,v 1.32 2009/12/20 23:49:22 dtucker Exp $ */
/*
*
@@ -95,6 +95,10 @@ int sys_auth_record_login(const char *, const char *, const char *, Buffer *);
# define CUSTOM_SYS_AUTH_GET_LASTLOGIN_MSG
char *sys_auth_get_lastlogin_msg(const char *, uid_t);
# define CUSTOM_FAILED_LOGIN 1
+# if defined(S_AUTHDOMAIN) && defined (S_AUTHNAME)
+# define USE_AIX_KRB_NAME
+char *aix_krb5_get_principal_name(char *);
+# endif
#endif
void aix_setauthdb(const char *);
diff --git a/crypto/openssh/openbsd-compat/port-linux.c b/crypto/openssh/openbsd-compat/port-linux.c
index ad26275..89b9a73 100644
--- a/crypto/openssh/openbsd-compat/port-linux.c
+++ b/crypto/openssh/openbsd-compat/port-linux.c
@@ -1,4 +1,4 @@
-/* $Id: port-linux.c,v 1.5 2008/03/26 20:27:21 dtucker Exp $ */
+/* $Id: port-linux.c,v 1.8 2010/03/01 04:52:50 dtucker Exp $ */
/*
* Copyright (c) 2005 Daniel Walsh <dwalsh@redhat.com>
@@ -23,14 +23,17 @@
#include "includes.h"
+#if defined(WITH_SELINUX) || defined(LINUX_OOM_ADJUST)
#include <errno.h>
#include <stdarg.h>
#include <string.h>
+#include <stdio.h>
-#ifdef WITH_SELINUX
#include "log.h"
+#include "xmalloc.h"
#include "port-linux.h"
+#ifdef WITH_SELINUX
#include <selinux/selinux.h>
#include <selinux/flask.h>
#include <selinux/get_context_list.h>
@@ -168,4 +171,95 @@ ssh_selinux_setup_pty(char *pwname, const char *tty)
freecon(user_ctx);
debug3("%s: done", __func__);
}
+
+void
+ssh_selinux_change_context(const char *newname)
+{
+ int len, newlen;
+ char *oldctx, *newctx, *cx;
+
+ if (!ssh_selinux_enabled())
+ return;
+
+ if (getcon((security_context_t *)&oldctx) < 0) {
+ logit("%s: getcon failed with %s", __func__, strerror (errno));
+ return;
+ }
+ if ((cx = index(oldctx, ':')) == NULL || (cx = index(cx + 1, ':')) ==
+ NULL) {
+ logit ("%s: unparseable context %s", __func__, oldctx);
+ return;
+ }
+
+ newlen = strlen(oldctx) + strlen(newname) + 1;
+ newctx = xmalloc(newlen);
+ len = cx - oldctx + 1;
+ memcpy(newctx, oldctx, len);
+ strlcpy(newctx + len, newname, newlen - len);
+ if ((cx = index(cx + 1, ':')))
+ strlcat(newctx, cx, newlen);
+ debug3("%s: setting context from '%s' to '%s'", __func__, oldctx,
+ newctx);
+ if (setcon(newctx) < 0)
+ logit("%s: setcon failed with %s", __func__, strerror (errno));
+ xfree(oldctx);
+ xfree(newctx);
+}
#endif /* WITH_SELINUX */
+
+#ifdef LINUX_OOM_ADJUST
+#define OOM_ADJ_PATH "/proc/self/oom_adj"
+/*
+ * The magic "don't kill me", as documented in eg:
+ * http://lxr.linux.no/#linux+v2.6.32/Documentation/filesystems/proc.txt
+ */
+#define OOM_ADJ_NOKILL -17
+
+static int oom_adj_save = INT_MIN;
+
+/*
+ * Tell the kernel's out-of-memory killer to avoid sshd.
+ * Returns the previous oom_adj value or zero.
+ */
+void
+oom_adjust_setup(void)
+{
+ FILE *fp;
+
+ debug3("%s", __func__);
+ if ((fp = fopen(OOM_ADJ_PATH, "r+")) != NULL) {
+ if (fscanf(fp, "%d", &oom_adj_save) != 1)
+ verbose("error reading %s: %s", OOM_ADJ_PATH, strerror(errno));
+ else {
+ rewind(fp);
+ if (fprintf(fp, "%d\n", OOM_ADJ_NOKILL) <= 0)
+ verbose("error writing %s: %s",
+ OOM_ADJ_PATH, strerror(errno));
+ else
+ verbose("Set %s from %d to %d",
+ OOM_ADJ_PATH, oom_adj_save, OOM_ADJ_NOKILL);
+ }
+ fclose(fp);
+ }
+}
+
+/* Restore the saved OOM adjustment */
+void
+oom_adjust_restore(void)
+{
+ FILE *fp;
+
+ debug3("%s", __func__);
+ if (oom_adj_save == INT_MIN || (fp = fopen(OOM_ADJ_PATH, "w")) == NULL)
+ return;
+
+ if (fprintf(fp, "%d\n", oom_adj_save) <= 0)
+ verbose("error writing %s: %s", OOM_ADJ_PATH, strerror(errno));
+ else
+ verbose("Set %s to %d", OOM_ADJ_PATH, oom_adj_save);
+
+ fclose(fp);
+ return;
+}
+#endif /* LINUX_OOM_ADJUST */
+#endif /* WITH_SELINUX || LINUX_OOM_ADJUST */
diff --git a/crypto/openssh/openbsd-compat/port-linux.h b/crypto/openssh/openbsd-compat/port-linux.h
index 5cd39bf..209d9a7 100644
--- a/crypto/openssh/openbsd-compat/port-linux.h
+++ b/crypto/openssh/openbsd-compat/port-linux.h
@@ -1,4 +1,4 @@
-/* $Id: port-linux.h,v 1.2 2008/03/26 20:27:21 dtucker Exp $ */
+/* $Id: port-linux.h,v 1.4 2009/12/08 02:39:48 dtucker Exp $ */
/*
* Copyright (c) 2006 Damien Miller <djm@openbsd.org>
@@ -23,6 +23,12 @@
int ssh_selinux_enabled(void);
void ssh_selinux_setup_pty(char *, const char *);
void ssh_selinux_setup_exec_context(char *);
+void ssh_selinux_change_context(const char *);
+#endif
+
+#ifdef LINUX_OOM_ADJUST
+void oom_adjust_restore(void);
+void oom_adjust_setup(void);
#endif
#endif /* ! _PORT_LINUX_H */
diff --git a/crypto/openssh/openbsd-compat/pwcache.c b/crypto/openssh/openbsd-compat/pwcache.c
new file mode 100644
index 0000000..5a8b788
--- /dev/null
+++ b/crypto/openssh/openbsd-compat/pwcache.c
@@ -0,0 +1,114 @@
+/* $OpenBSD: pwcache.c,v 1.9 2005/08/08 08:05:34 espie Exp $ */
+/*
+ * Copyright (c) 1989, 1993
+ * The Regents of the University of California. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* OPENBSD ORIGINAL: lib/libc/gen/pwcache.c */
+
+#include "includes.h"
+
+#include <sys/types.h>
+
+#include <grp.h>
+#include <pwd.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#define NCACHE 64 /* power of 2 */
+#define MASK (NCACHE - 1) /* bits to store with */
+
+#ifndef HAVE_USER_FROM_UID
+char *
+user_from_uid(uid_t uid, int nouser)
+{
+ static struct ncache {
+ uid_t uid;
+ char *name;
+ } c_uid[NCACHE];
+ static int pwopen;
+ static char nbuf[15]; /* 32 bits == 10 digits */
+ struct passwd *pw;
+ struct ncache *cp;
+
+ cp = c_uid + (uid & MASK);
+ if (cp->uid != uid || cp->name == NULL) {
+ if (pwopen == 0) {
+#ifdef HAVE_SETPASSENT
+ setpassent(1);
+#endif
+ pwopen = 1;
+ }
+ if ((pw = getpwuid(uid)) == NULL) {
+ if (nouser)
+ return (NULL);
+ (void)snprintf(nbuf, sizeof(nbuf), "%u", uid);
+ }
+ cp->uid = uid;
+ if (cp->name != NULL)
+ free(cp->name);
+ cp->name = strdup(pw ? pw->pw_name : nbuf);
+ }
+ return (cp->name);
+}
+#endif
+
+#ifndef HAVE_GROUP_FROM_GID
+char *
+group_from_gid(gid_t gid, int nogroup)
+{
+ static struct ncache {
+ gid_t gid;
+ char *name;
+ } c_gid[NCACHE];
+ static int gropen;
+ static char nbuf[15]; /* 32 bits == 10 digits */
+ struct group *gr;
+ struct ncache *cp;
+
+ cp = c_gid + (gid & MASK);
+ if (cp->gid != gid || cp->name == NULL) {
+ if (gropen == 0) {
+#ifdef HAVE_SETGROUPENT
+ setgroupent(1);
+#endif
+ gropen = 1;
+ }
+ if ((gr = getgrgid(gid)) == NULL) {
+ if (nogroup)
+ return (NULL);
+ (void)snprintf(nbuf, sizeof(nbuf), "%u", gid);
+ }
+ cp->gid = gid;
+ if (cp->name != NULL)
+ free(cp->name);
+ cp->name = strdup(gr ? gr->gr_name : nbuf);
+ }
+ return (cp->name);
+}
+#endif
diff --git a/crypto/openssh/openbsd-compat/readpassphrase.c b/crypto/openssh/openbsd-compat/readpassphrase.c
index 11bd8f6..62b6d0d 100644
--- a/crypto/openssh/openbsd-compat/readpassphrase.c
+++ b/crypto/openssh/openbsd-compat/readpassphrase.c
@@ -1,7 +1,7 @@
-/* $OpenBSD: readpassphrase.c,v 1.18 2005/08/08 08:05:34 espie Exp $ */
+/* $OpenBSD: readpassphrase.c,v 1.22 2010/01/13 10:20:54 dtucker Exp $ */
/*
- * Copyright (c) 2000-2002 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 2000-2002, 2007 Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -46,7 +46,7 @@
# define _POSIX_VDISABLE VDISABLE
#endif
-static volatile sig_atomic_t signo;
+static volatile sig_atomic_t signo[_NSIG];
static void handler(int);
@@ -54,7 +54,7 @@ char *
readpassphrase(const char *prompt, char *buf, size_t bufsiz, int flags)
{
ssize_t nr;
- int input, output, save_errno;
+ int input, output, save_errno, i, need_restart;
char ch, *p, *end;
struct termios term, oterm;
struct sigaction sa, savealrm, saveint, savehup, savequit, saveterm;
@@ -67,7 +67,11 @@ readpassphrase(const char *prompt, char *buf, size_t bufsiz, int flags)
}
restart:
- signo = 0;
+ for (i = 0; i < _NSIG; i++)
+ signo[i] = 0;
+ nr = -1;
+ save_errno = 0;
+ need_restart = 0;
/*
* Read and write to /dev/tty if available. If not, read from
* stdin and write to stderr unless a tty is required.
@@ -117,26 +121,30 @@ restart:
oterm.c_lflag |= ECHO;
}
- if (!(flags & RPP_STDIN))
- (void)write(output, prompt, strlen(prompt));
- end = buf + bufsiz - 1;
- for (p = buf; (nr = read(input, &ch, 1)) == 1 && ch != '\n' && ch != '\r';) {
- if (p < end) {
- if ((flags & RPP_SEVENBIT))
- ch &= 0x7f;
- if (isalpha(ch)) {
- if ((flags & RPP_FORCELOWER))
- ch = tolower(ch);
- if ((flags & RPP_FORCEUPPER))
- ch = toupper(ch);
+ /* No I/O if we are already backgrounded. */
+ if (signo[SIGTTOU] != 1 && signo[SIGTTIN] != 1) {
+ if (!(flags & RPP_STDIN))
+ (void)write(output, prompt, strlen(prompt));
+ end = buf + bufsiz - 1;
+ p = buf;
+ while ((nr = read(input, &ch, 1)) == 1 && ch != '\n' && ch != '\r') {
+ if (p < end) {
+ if ((flags & RPP_SEVENBIT))
+ ch &= 0x7f;
+ if (isalpha(ch)) {
+ if ((flags & RPP_FORCELOWER))
+ ch = (char)tolower(ch);
+ if ((flags & RPP_FORCEUPPER))
+ ch = (char)toupper(ch);
+ }
+ *p++ = ch;
}
- *p++ = ch;
}
+ *p = '\0';
+ save_errno = errno;
+ if (!(term.c_lflag & ECHO))
+ (void)write(output, "\n", 1);
}
- *p = '\0';
- save_errno = errno;
- if (!(term.c_lflag & ECHO))
- (void)write(output, "\n", 1);
/* Restore old terminal settings and signals. */
if (memcmp(&term, &oterm, sizeof(term)) != 0) {
@@ -152,6 +160,7 @@ restart:
(void)sigaction(SIGTERM, &saveterm, NULL);
(void)sigaction(SIGTSTP, &savetstp, NULL);
(void)sigaction(SIGTTIN, &savettin, NULL);
+ (void)sigaction(SIGTTOU, &savettou, NULL);
if (input != STDIN_FILENO)
(void)close(input);
@@ -159,20 +168,25 @@ restart:
* If we were interrupted by a signal, resend it to ourselves
* now that we have restored the signal handlers.
*/
- if (signo) {
- kill(getpid(), signo);
- switch (signo) {
- case SIGTSTP:
- case SIGTTIN:
- case SIGTTOU:
- goto restart;
+ for (i = 0; i < _NSIG; i++) {
+ if (signo[i]) {
+ kill(getpid(), i);
+ switch (i) {
+ case SIGTSTP:
+ case SIGTTIN:
+ case SIGTTOU:
+ need_restart = 1;
+ }
}
}
+ if (need_restart)
+ goto restart;
- errno = save_errno;
+ if (save_errno)
+ errno = save_errno;
return(nr == -1 ? NULL : buf);
}
-
+
#if 0
char *
getpass(const char *prompt)
@@ -186,6 +200,6 @@ getpass(const char *prompt)
static void handler(int s)
{
- signo = s;
+ signo[s] = 1;
}
#endif /* HAVE_READPASSPHRASE */
OpenPOWER on IntegriCloud