Date: Tue, 9 Oct 2018 19:27:42 +0000 (UTC) From: =?UTF-8?Q?Dag-Erling_Sm=c3=b8rgrav?= <des@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r339263 - head/crypto/openssh Message-ID: <201810091927.w99JRgeR071028@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: des Date: Tue Oct 9 19:27:42 2018 New Revision: 339263 URL: https://svnweb.freebsd.org/changeset/base/339263 Log: Fix portability issues with the Capsicum patch committed in r339216: - Wrap access to pw_change and pw_expire in the appropriate #ifdefs. - Wrap calls to login_cap(3) API in appropriate #ifdefs. - Add wrapper for transferring time_t, which is still only 32 bits wide on FreeBSD i386. - Use a temporary variable to deserialize size_t. Approved by: re (gjb) Modified: head/crypto/openssh/monitor.c head/crypto/openssh/monitor_wrap.c head/crypto/openssh/monitor_wrap.h head/crypto/openssh/sshbuf-getput-basic.c head/crypto/openssh/sshbuf.h Modified: head/crypto/openssh/monitor.c ============================================================================== --- head/crypto/openssh/monitor.c Tue Oct 9 18:40:36 2018 (r339262) +++ head/crypto/openssh/monitor.c Tue Oct 9 19:27:42 2018 (r339263) @@ -114,7 +114,9 @@ static struct sshbuf *child_state; int mm_answer_moduli(int, struct sshbuf *); int mm_answer_sign(int, struct sshbuf *); +#ifdef HAVE_LOGIN_CAP int mm_answer_login_getpwclass(int, struct sshbuf *); +#endif int mm_answer_pwnamallow(int, struct sshbuf *); int mm_answer_auth2_read_banner(int, struct sshbuf *); int mm_answer_authserv(int, struct sshbuf *); @@ -190,7 +192,9 @@ struct mon_table mon_dispatch_proto20[] = { {MONITOR_REQ_MODULI, MON_ONCE, mm_answer_moduli}, #endif {MONITOR_REQ_SIGN, MON_ONCE, mm_answer_sign}, +#ifdef HAVE_LOGIN_CAP {MONITOR_REQ_GETPWCLASS, MON_AUTH, mm_answer_login_getpwclass}, +#endif {MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow}, {MONITOR_REQ_AUTHSERV, MON_ONCE, mm_answer_authserv}, {MONITOR_REQ_AUTH2_READ_BANNER, MON_ONCE, mm_answer_auth2_read_banner}, @@ -709,6 +713,7 @@ mm_answer_sign(int sock, struct sshbuf *m) return (0); } +#ifdef HAVE_LOGIN_CAP int mm_answer_login_getpwclass(int sock, struct sshbuf *m) { @@ -748,6 +753,7 @@ mm_answer_login_getpwclass(int sock, struct sshbuf *m) return (0); } +#endif /* Retrieves the password entry and also checks if the user is permitted */ Modified: head/crypto/openssh/monitor_wrap.c ============================================================================== --- head/crypto/openssh/monitor_wrap.c Tue Oct 9 18:40:36 2018 (r339262) +++ head/crypto/openssh/monitor_wrap.c Tue Oct 9 19:27:42 2018 (r339263) @@ -247,6 +247,7 @@ mm_sshkey_sign(struct sshkey *key, u_char **sigp, size return (0); } +#ifdef HAVE_LOGIN_CAP login_cap_t * mm_login_getpwclass(const struct passwd *pwent) { @@ -286,7 +287,9 @@ mm_login_getpwclass(const struct passwd *pwent) return (lc); } +#endif +#ifdef HAVE_LOGIN_CAP void mm_login_close(login_cap_t *lc) { @@ -297,6 +300,7 @@ mm_login_close(login_cap_t *lc) free(lc->lc_cap); free(lc); } +#endif struct passwd * mm_getpwnamallow(const char *username) Modified: head/crypto/openssh/monitor_wrap.h ============================================================================== --- head/crypto/openssh/monitor_wrap.h Tue Oct 9 18:40:36 2018 (r339262) +++ head/crypto/openssh/monitor_wrap.h Tue Oct 9 19:27:42 2018 (r339263) @@ -28,8 +28,6 @@ #ifndef _MM_WRAP_H_ #define _MM_WRAP_H_ -#include <login_cap.h> - extern int use_privsep; #define PRIVSEP(x) (use_privsep ? mm_##x : x) @@ -46,9 +44,11 @@ DH *mm_choose_dh(int, int, int); int mm_sshkey_sign(struct sshkey *, u_char **, size_t *, const u_char *, size_t, const char *, u_int compat); void mm_inform_authserv(char *, char *); +#ifdef HAVE_LOGIN_CAP +struct login_cap *mm_login_getpwclass(const struct passwd *pwd); +void mm_login_close(struct login_cap *lc); +#endif struct passwd *mm_getpwnamallow(const char *); -login_cap_t *mm_login_getpwclass(const struct passwd *pwd); -void mm_login_close(login_cap_t *lc); char *mm_auth2_read_banner(void); int mm_auth_password(struct ssh *, char *); int mm_key_allowed(enum mm_keytype, const char *, const char *, struct sshkey *, Modified: head/crypto/openssh/sshbuf-getput-basic.c ============================================================================== --- head/crypto/openssh/sshbuf-getput-basic.c Tue Oct 9 18:40:36 2018 (r339262) +++ head/crypto/openssh/sshbuf-getput-basic.c Tue Oct 9 19:27:42 2018 (r339263) @@ -482,7 +482,9 @@ sshbuf_put_passwd(struct sshbuf *buf, const struct pas (r = sshbuf_put_cstring(buf, "*")) != 0 || (r = sshbuf_put_u32(buf, pwent->pw_uid)) != 0 || (r = sshbuf_put_u32(buf, pwent->pw_gid)) != 0 || - (r = sshbuf_put_u64(buf, pwent->pw_change)) != 0 || +#ifdef HAVE_STRUCT_PASSWD_PW_CHANGE + (r = sshbuf_put_time(buf, pwent->pw_change)) != 0 || +#endif #ifdef HAVE_STRUCT_PASSWD_PW_GECOS (r = sshbuf_put_cstring(buf, pwent->pw_gecos)) != 0 || #endif @@ -491,7 +493,9 @@ sshbuf_put_passwd(struct sshbuf *buf, const struct pas #endif (r = sshbuf_put_cstring(buf, pwent->pw_dir)) != 0 || (r = sshbuf_put_cstring(buf, pwent->pw_shell)) != 0 || - (r = sshbuf_put_u64(buf, pwent->pw_expire)) != 0 || +#ifdef HAVE_STRUCT_PASSWD_PW_EXPIRE + (r = sshbuf_put_time(buf, pwent->pw_expire)) != 0 || +#endif (r = sshbuf_put_u32(buf, pwent->pw_fields)) != 0) { return r; } @@ -505,8 +509,8 @@ struct passwd * sshbuf_get_passwd(struct sshbuf *buf) { struct passwd *pw; + u_int64_t len; int r; - size_t len; /* check if size of struct passwd is as same as sender's size */ r = sshbuf_get_u64(buf, &len); @@ -518,7 +522,9 @@ sshbuf_get_passwd(struct sshbuf *buf) sshbuf_get_cstring(buf, &pw->pw_passwd, NULL) != 0 || sshbuf_get_u32(buf, &pw->pw_uid) != 0 || sshbuf_get_u32(buf, &pw->pw_gid) != 0 || - sshbuf_get_u64(buf, &pw->pw_change) != 0 || +#ifdef HAVE_STRUCT_PASSWD_PW_CHANGE + sshbuf_get_time(buf, &pw->pw_change) != 0 || +#endif #ifdef HAVE_STRUCT_PASSWD_PW_GECOS sshbuf_get_cstring(buf, &pw->pw_gecos, NULL) != 0 || #endif @@ -527,7 +533,9 @@ sshbuf_get_passwd(struct sshbuf *buf) #endif sshbuf_get_cstring(buf, &pw->pw_dir, NULL) != 0 || sshbuf_get_cstring(buf, &pw->pw_shell, NULL) != 0 || - sshbuf_get_u64(buf, &pw->pw_expire) != 0 || +#ifdef HAVE_STRUCT_PASSWD_PW_EXPIRE + sshbuf_get_time(buf, &pw->pw_expire) != 0 || +#endif sshbuf_get_u32(buf, &pw->pw_fields) != 0) { sshbuf_free_passwd(pw); return NULL; Modified: head/crypto/openssh/sshbuf.h ============================================================================== --- head/crypto/openssh/sshbuf.h Tue Oct 9 18:40:36 2018 (r339262) +++ head/crypto/openssh/sshbuf.h Tue Oct 9 19:27:42 2018 (r339263) @@ -21,7 +21,6 @@ #include <sys/types.h> #include <stdarg.h> #include <stdio.h> -#include <pwd.h> #ifdef WITH_OPENSSL # include <openssl/bn.h> # ifdef OPENSSL_HAS_ECC @@ -176,6 +175,14 @@ int sshbuf_put_u64(struct sshbuf *buf, u_int64_t val); int sshbuf_put_u32(struct sshbuf *buf, u_int32_t val); int sshbuf_put_u16(struct sshbuf *buf, u_int16_t val); int sshbuf_put_u8(struct sshbuf *buf, u_char val); + +#if defined(__FreeBSD__) && defined(__i386__) +#define sshbuf_get_time(b, vp) sshbuf_get_u32((b), (u_int32_t *)(vp)) +#define sshbuf_put_time(b, v) sshbuf_put_u32((b), (u_int32_t)(v)) +#else +#define sshbuf_get_time(b, vp) sshbuf_get_u64((b), (u_int64_t *)(vp)) +#define sshbuf_put_time(b, v) sshbuf_put_u64((b), (u_int64_t)(v)) +#endif /* * Functions to extract or store SSH wire encoded strings (u32 len || data)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201810091927.w99JRgeR071028>