Date: Tue, 9 Aug 2005 10:10:22 GMT From: soc-bushman <soc-bushman@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 81717 for review Message-ID: <200508091010.j79AAMJr007041@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=81717 Change 81717 by soc-bushman@soc-bushman_stinger on 2005/08/09 10:09:25 openssh NIS support added, /var/yp/Makefile patch done Affected files ... .. //depot/projects/soc2005/nsswitch_cached/tests/ssh_hostkeys_test/auth-rh-rsa.c#4 edit .. //depot/projects/soc2005/nsswitch_cached/tests/ssh_hostkeys_test/auth.c#4 edit .. //depot/projects/soc2005/nsswitch_cached/tests/ssh_hostkeys_test/auth.h#4 edit .. //depot/projects/soc2005/nsswitch_cached/tests/ssh_hostkeys_test/auth2-hostbased.c#4 edit .. //depot/projects/soc2005/nsswitch_cached/tests/ssh_hostkeys_test/auth2.c#4 edit .. //depot/projects/soc2005/nsswitch_cached/tests/ssh_hostkeys_test/config.h.in#3 edit .. //depot/projects/soc2005/nsswitch_cached/tests/ssh_hostkeys_test/configure.ac#3 edit .. //depot/projects/soc2005/nsswitch_cached/tests/ssh_hostkeys_test/hostfile.c#4 edit .. //depot/projects/soc2005/nsswitch_cached/tests/ssh_hostkeys_test/hostfile.h#4 edit .. //depot/projects/soc2005/nsswitch_cached/tests/ssh_hostkeys_test/initial_copy.sh#3 edit .. //depot/projects/soc2005/nsswitch_cached/tests/ssh_hostkeys_test/key.h#4 edit .. //depot/projects/soc2005/nsswitch_cached/tests/ssh_hostkeys_test/make.sh#3 edit .. //depot/projects/soc2005/nsswitch_cached/tests/ssh_hostkeys_test/patches/patch-auth-rh.rsa.c#4 edit .. //depot/projects/soc2005/nsswitch_cached/tests/ssh_hostkeys_test/patches/patch-auth.c#4 edit .. //depot/projects/soc2005/nsswitch_cached/tests/ssh_hostkeys_test/patches/patch-auth.h#4 edit .. //depot/projects/soc2005/nsswitch_cached/tests/ssh_hostkeys_test/patches/patch-auth2-hostbased.c#4 edit .. //depot/projects/soc2005/nsswitch_cached/tests/ssh_hostkeys_test/patches/patch-config.h.in#4 edit .. //depot/projects/soc2005/nsswitch_cached/tests/ssh_hostkeys_test/patches/patch-configure.ac#4 edit .. //depot/projects/soc2005/nsswitch_cached/tests/ssh_hostkeys_test/patches/patch-hostfile.c#4 edit .. //depot/projects/soc2005/nsswitch_cached/tests/ssh_hostkeys_test/patches/patch-hostfile.h#4 edit .. //depot/projects/soc2005/nsswitch_cached/tests/ssh_hostkeys_test/patches/patch-sshconnect.c#4 edit .. //depot/projects/soc2005/nsswitch_cached/tests/ssh_hostkeys_test/patches/var_yp_makefile.patch#1 add .. //depot/projects/soc2005/nsswitch_cached/tests/ssh_hostkeys_test/port/Makefile#6 edit .. //depot/projects/soc2005/nsswitch_cached/tests/ssh_hostkeys_test/port/distinfo#3 edit .. //depot/projects/soc2005/nsswitch_cached/tests/ssh_hostkeys_test/port/files/batch.patch#4 edit .. //depot/projects/soc2005/nsswitch_cached/tests/ssh_hostkeys_test/port/files/gss-serv.c.patch#4 edit .. //depot/projects/soc2005/nsswitch_cached/tests/ssh_hostkeys_test/port/files/patch-auth-pam.c#4 edit .. //depot/projects/soc2005/nsswitch_cached/tests/ssh_hostkeys_test/port/files/patch-auth-rh.rsa.c#4 edit .. //depot/projects/soc2005/nsswitch_cached/tests/ssh_hostkeys_test/port/files/patch-auth.c#4 edit .. //depot/projects/soc2005/nsswitch_cached/tests/ssh_hostkeys_test/port/files/patch-auth.h#4 edit .. //depot/projects/soc2005/nsswitch_cached/tests/ssh_hostkeys_test/port/files/patch-auth1.c#4 edit .. //depot/projects/soc2005/nsswitch_cached/tests/ssh_hostkeys_test/port/files/patch-auth2-hostbased.c#4 edit .. //depot/projects/soc2005/nsswitch_cached/tests/ssh_hostkeys_test/port/files/patch-auth2.c#4 edit .. //depot/projects/soc2005/nsswitch_cached/tests/ssh_hostkeys_test/port/files/patch-clientloop.c#4 edit .. //depot/projects/soc2005/nsswitch_cached/tests/ssh_hostkeys_test/port/files/patch-config.h.in#4 edit .. //depot/projects/soc2005/nsswitch_cached/tests/ssh_hostkeys_test/port/files/patch-configure.ac#4 edit .. //depot/projects/soc2005/nsswitch_cached/tests/ssh_hostkeys_test/port/files/patch-fake-rfc2553.h#4 edit .. //depot/projects/soc2005/nsswitch_cached/tests/ssh_hostkeys_test/port/files/patch-hostfile.c#4 edit .. //depot/projects/soc2005/nsswitch_cached/tests/ssh_hostkeys_test/port/files/patch-hostfile.h#4 edit .. //depot/projects/soc2005/nsswitch_cached/tests/ssh_hostkeys_test/port/files/patch-loginrec.c#4 edit .. //depot/projects/soc2005/nsswitch_cached/tests/ssh_hostkeys_test/port/files/patch-regress-test-exec.sh#4 edit .. //depot/projects/soc2005/nsswitch_cached/tests/ssh_hostkeys_test/port/files/patch-session.c#4 edit .. //depot/projects/soc2005/nsswitch_cached/tests/ssh_hostkeys_test/port/files/patch-sshconnect.c#4 edit .. //depot/projects/soc2005/nsswitch_cached/tests/ssh_hostkeys_test/port/files/patch-sshd.c#4 edit .. //depot/projects/soc2005/nsswitch_cached/tests/ssh_hostkeys_test/port/files/patch-sshd_config#4 edit .. //depot/projects/soc2005/nsswitch_cached/tests/ssh_hostkeys_test/port/files/patch-sshpty.c#4 edit .. //depot/projects/soc2005/nsswitch_cached/tests/ssh_hostkeys_test/port/files/servconf.c.patch#4 edit .. //depot/projects/soc2005/nsswitch_cached/tests/ssh_hostkeys_test/port/files/sshd.sh#4 edit .. //depot/projects/soc2005/nsswitch_cached/tests/ssh_hostkeys_test/port/pkg-descr#3 edit .. //depot/projects/soc2005/nsswitch_cached/tests/ssh_hostkeys_test/port/pkg-message#3 edit .. //depot/projects/soc2005/nsswitch_cached/tests/ssh_hostkeys_test/port/pkg-plist#3 edit .. //depot/projects/soc2005/nsswitch_cached/tests/ssh_hostkeys_test/result_copy.sh#3 edit .. //depot/projects/soc2005/nsswitch_cached/tests/ssh_hostkeys_test/sshconnect.c#4 edit Differences ... ==== //depot/projects/soc2005/nsswitch_cached/tests/ssh_hostkeys_test/auth-rh-rsa.c#4 (text+ko) ==== ==== //depot/projects/soc2005/nsswitch_cached/tests/ssh_hostkeys_test/auth.c#4 (text+ko) ==== ==== //depot/projects/soc2005/nsswitch_cached/tests/ssh_hostkeys_test/auth.h#4 (text+ko) ==== ==== //depot/projects/soc2005/nsswitch_cached/tests/ssh_hostkeys_test/auth2-hostbased.c#4 (text+ko) ==== ==== //depot/projects/soc2005/nsswitch_cached/tests/ssh_hostkeys_test/auth2.c#4 (text+ko) ==== ==== //depot/projects/soc2005/nsswitch_cached/tests/ssh_hostkeys_test/config.h.in#3 (text+ko) ==== ==== //depot/projects/soc2005/nsswitch_cached/tests/ssh_hostkeys_test/configure.ac#3 (text+ko) ==== ==== //depot/projects/soc2005/nsswitch_cached/tests/ssh_hostkeys_test/hostfile.c#4 (text+ko) ==== @@ -59,12 +59,10 @@ #if defined (HAVE_NSDISPATCH) && defined (USE_NSSWITCH) -#ifdef YP +#ifndef WITHOUT_NIS #include <rpcsvc/ypclnt.h> #include <rpcsvc/yp.h> -#include <sys/param.h> -#include <unistd.h> -#endif +#endif /* WITHOUT_NIS */ #ifndef NSDB_SSH_HOSTKEYS #define NSDB_SSH_HOSTKEYS "ssh_hostkeys" @@ -87,12 +85,13 @@ nsswitch_files_conf.system_hostfile2 = system_hostfile2; } +static int hostfile_check_key(int, const Key *, const char *, const char *, int); static HostStatus check_host_in_hostfile_by_key_or_type(const char *, const char *, const Key *, int, Key *, int *); -#ifdef YP +#ifndef WITHOUT_NIS static HostStatus check_host_in_nis_by_key_or_type(const char *, const Key *, int, Key *, int *); -#endif +#endif /* WITHOUT_NIS */ enum constants { CHECK_HOST, @@ -101,16 +100,16 @@ static const ns_src defaultsrc[] = { { NSSRC_FILES, NS_SUCCESS }, -#ifdef YP +#ifndef WITHOUT_NIS { NSSRC_NIS, NS_SUCCESS }, -#endif +#endif /* WITHOUT_NIS */ { NULL, 0 } }; static int files_check_host_by_key_or_type(void *, void *, va_list); -#ifdef YP +#ifndef WITHOUT_NIS static int nis_check_host_by_key_or_type(void *, void *, va_list); -#endif +#endif /* WITHOUT_NIS */ /* files backend implementation */ static int @@ -152,10 +151,10 @@ found, &numret); } - debug3("files_check_host_by_key_or_type: CHECK_HOST - %d", rv); + debug3("files_check_host_by_key_or_type: check_host result %d", rv); if (result != NULL) *((int *)result) = rv; - return ((rv == HOST_NEW) ? NS_NOTFOUND : NS_SUCCESS); + return ((rv != HOST_OK) ? NS_NOTFOUND : NS_SUCCESS); case LOOKUP_KEY_BY_TYPE: filename = nsswitch_files_conf.system_hostfile; @@ -167,7 +166,7 @@ keytype, found, &numret) == HOST_FOUND); } - debug3("files_check_host_by_key_or_type: LOOKUP_KEY_BY_TYPE - %d", rv); + debug3("files_check_host_by_key_or_type: lookup_key_by_type result %d", rv); if (result != NULL) *((int *)result) = rv; return ((rv == 0) ? NS_NOTFOUND : NS_SUCCESS); @@ -176,10 +175,10 @@ return (NS_NOTFOUND); } -#ifdef YP +#ifndef WITHOUT_NIS /* NIS backend implementation */ static HostStatus -check_host_in_hostfile_by_key_or_type(const char *host, const Key *key, +check_host_in_nis_by_key_or_type(const char *host, const Key *key, int keytype, Key *found, int *numret) { u_int kbits; @@ -187,20 +186,20 @@ char *cp, *cp2, *hashed_host; HostStatus end_return; - char buf[YPMAXRECORD]; - char domain[MAXHOSTNAMELEN]; - + char *domain; char *lastkey; char *current; int current_len; char *resultbuf; - int resultbuf_len; + int resultbuf_len; + int rv; - int rv; - if (getdomainname(domain, sizeof(domain)) != 0) + if (yp_get_default_domain(&domain) != 0) { + debug3("check_host_in_nis: can't get the NIS domain"); return (HOST_NEW); + } current = NULL; current_len = 0; @@ -210,9 +209,8 @@ rv = yp_first(domain, "ssh_hostkeys", ¤t, ¤t_len, &resultbuf, &resultbuf_len); - end_return = HOST_NEW; - while (rv) { + while (rv == 0) { cp = resultbuf; /* comments, trailing spaces and tabs should be deleted during @@ -281,7 +279,7 @@ next_iter: lastkey = current; rv = yp_next(domain, "ssh_hostkeys", current, current_len, - resultbuf, resultbuf_len); + ¤t, ¤t_len, &resultbuf, &resultbuf_len); free(lastkey); ++linenum; @@ -323,16 +321,16 @@ case CHECK_HOST: rv = check_host_in_nis_by_key_or_type(host, key, 0, found, &numret); - debug3("nis_check_host_by_key_or_type: CHECK_HOST - %d", rv); + debug3("nis_check_host_by_key_or_type: check_host result %d", rv); if (result != NULL) *((int *)result) = rv; - return ((rv == HOST_NEW) ? NS_NOTFOUND : NS_SUCCESS); + return ((rv != HOST_OK) ? NS_NOTFOUND : NS_SUCCESS); case LOOKUP_KEY_BY_TYPE: rv = (check_host_in_nis_by_key_or_type(host, NULL, keytype, found, &numret) == HOST_FOUND); - debug3("nis_check_host_by_key_or_type: LOOKUP_KEY_BY_TYPE - %d", rv); + debug3("nis_check_host_by_key_or_type: lookup_key_by_type result %d", rv); if (result != NULL) *((int *)result) = rv; return ((rv == 0) ? NS_NOTFOUND : NS_SUCCESS); @@ -340,7 +338,7 @@ return (NS_NOTFOUND); } -#endif +#endif /* WITHOUT_NIS */ /* nsswitch interface functions implementation */ HostStatus @@ -348,9 +346,9 @@ { static const ns_dtab dtab[] = { { NSSRC_FILES, files_check_host_by_key_or_type, (void *)CHECK_HOST }, -#ifdef YP +#ifndef WITHOUT_NIS { NSSRC_NIS, nis_check_host_by_key_or_type, (void *)CHECK_HOST }, -#endif +#endif /* WITHOUT_NIS */ { NULL, NULL, NULL } }; @@ -375,9 +373,9 @@ { static const ns_dtab dtab[] = { { NSSRC_FILES, files_check_host_by_key_or_type, (void *)LOOKUP_KEY_BY_TYPE }, -#ifdef YP +#ifndef WITHOUT_NIS { NSSRC_NIS, nis_check_host_by_key_or_type, (void *)LOOKUP_KEY_BY_TYPE }, -#endif +#endif /* WITHOUT_NIS */ { NULL, NULL, NULL } }; ==== //depot/projects/soc2005/nsswitch_cached/tests/ssh_hostkeys_test/hostfile.h#4 (text+ko) ==== ==== //depot/projects/soc2005/nsswitch_cached/tests/ssh_hostkeys_test/initial_copy.sh#3 (text+ko) ==== ==== //depot/projects/soc2005/nsswitch_cached/tests/ssh_hostkeys_test/key.h#4 (text+ko) ==== ==== //depot/projects/soc2005/nsswitch_cached/tests/ssh_hostkeys_test/make.sh#3 (text+ko) ==== ==== //depot/projects/soc2005/nsswitch_cached/tests/ssh_hostkeys_test/patches/patch-auth-rh.rsa.c#4 (text+ko) ==== ==== //depot/projects/soc2005/nsswitch_cached/tests/ssh_hostkeys_test/patches/patch-auth.c#4 (text+ko) ==== ==== //depot/projects/soc2005/nsswitch_cached/tests/ssh_hostkeys_test/patches/patch-auth.h#4 (text+ko) ==== ==== //depot/projects/soc2005/nsswitch_cached/tests/ssh_hostkeys_test/patches/patch-auth2-hostbased.c#4 (text+ko) ==== ==== //depot/projects/soc2005/nsswitch_cached/tests/ssh_hostkeys_test/patches/patch-config.h.in#4 (text+ko) ==== ==== //depot/projects/soc2005/nsswitch_cached/tests/ssh_hostkeys_test/patches/patch-configure.ac#4 (text+ko) ==== ==== //depot/projects/soc2005/nsswitch_cached/tests/ssh_hostkeys_test/patches/patch-hostfile.c#4 (text+ko) ==== @@ -1,6 +1,6 @@ ---- hostfile.c.orig Mon Mar 14 15:08:12 2005 -+++ hostfile.c Mon Jul 18 15:27:23 2005 -@@ -38,16 +38,172 @@ +--- /tmp2/usr/ports/security/openssh-portable/work/openssh-4.1p1/hostfile.c Mon Mar 14 15:08:12 2005 ++++ hostfile.c Tue Aug 9 13:13:17 2005 +@@ -38,16 +38,359 @@ #include "includes.h" RCSID("$OpenBSD: hostfile.c,v 1.34 2005/03/10 22:01:05 deraadt Exp $"); @@ -25,6 +25,11 @@ + +#if defined (HAVE_NSDISPATCH) && defined (USE_NSSWITCH) + ++#ifndef WITHOUT_NIS ++#include <rpcsvc/ypclnt.h> ++#include <rpcsvc/yp.h> ++#endif /* WITHOUT_NIS */ ++ +#ifndef NSDB_SSH_HOSTKEYS +#define NSDB_SSH_HOSTKEYS "ssh_hostkeys" +#endif /* NSDB_SSH_HOSTKEYS */ @@ -46,8 +51,13 @@ + nsswitch_files_conf.system_hostfile2 = system_hostfile2; +} + ++static int hostfile_check_key(int, const Key *, const char *, const char *, int); +static HostStatus check_host_in_hostfile_by_key_or_type(const char *, + const char *, const Key *, int, Key *, int *); ++#ifndef WITHOUT_NIS ++static HostStatus check_host_in_nis_by_key_or_type(const char *, ++ const Key *, int, Key *, int *); ++#endif /* WITHOUT_NIS */ + +enum constants { + CHECK_HOST, @@ -56,10 +66,16 @@ + +static const ns_src defaultsrc[] = { + { NSSRC_FILES, NS_SUCCESS }, ++#ifndef WITHOUT_NIS ++ { NSSRC_NIS, NS_SUCCESS }, ++#endif /* WITHOUT_NIS */ + { NULL, 0 } +}; + +static int files_check_host_by_key_or_type(void *, void *, va_list); ++#ifndef WITHOUT_NIS ++static int nis_check_host_by_key_or_type(void *, void *, va_list); ++#endif /* WITHOUT_NIS */ + +/* files backend implementation */ +static int @@ -101,10 +117,10 @@ + found, &numret); + } + -+ debug3("files_check_host_by_key_or_type: CHECK_HOST - %d", rv); ++ debug3("files_check_host_by_key_or_type: check_host result %d", rv); + if (result != NULL) + *((int *)result) = rv; -+ return ((rv == HOST_NEW) ? NS_NOTFOUND : NS_SUCCESS); ++ return ((rv != HOST_OK) ? NS_NOTFOUND : NS_SUCCESS); + + case LOOKUP_KEY_BY_TYPE: + filename = nsswitch_files_conf.system_hostfile; @@ -116,7 +132,171 @@ + keytype, found, &numret) == HOST_FOUND); + } + -+ debug3("files_check_host_by_key_or_type: LOOKUP_KEY_BY_TYPE - %d", rv); ++ debug3("files_check_host_by_key_or_type: lookup_key_by_type result %d", rv); ++ if (result != NULL) ++ *((int *)result) = rv; ++ return ((rv == 0) ? NS_NOTFOUND : NS_SUCCESS); ++ } ++ ++ return (NS_NOTFOUND); ++} ++ ++#ifndef WITHOUT_NIS ++/* NIS backend implementation */ ++static HostStatus ++check_host_in_nis_by_key_or_type(const char *host, const Key *key, ++ int keytype, Key *found, int *numret) ++{ ++ u_int kbits; ++ int linenum; ++ char *cp, *cp2, *hashed_host; ++ HostStatus end_return; ++ ++ char *domain; ++ char *lastkey; ++ char *current; ++ int current_len; ++ ++ char *resultbuf; ++ int resultbuf_len; ++ int rv; ++ ++ ++ if (yp_get_default_domain(&domain) != 0) { ++ debug3("check_host_in_nis: can't get the NIS domain"); ++ return (HOST_NEW); ++ } ++ ++ current = NULL; ++ current_len = 0; ++ resultbuf = NULL; ++ resultbuf_len = 0; ++ linenum = 0; ++ ++ rv = yp_first(domain, "ssh_hostkeys", ¤t, ¤t_len, ++ &resultbuf, &resultbuf_len); ++ end_return = HOST_NEW; ++ while (rv == 0) { ++ cp = resultbuf; ++ ++ /* comments, trailing spaces and tabs should be deleted during ++ NIS map making, but we still should check for them - just in case */ ++ for (; *cp == ' ' || *cp == '\t'; cp++) ++ ; ++ if (!*cp || *cp == '#' || *cp == '\n') ++ goto next_iter; ++ ++ /* Find the end of the host name portion. */ ++ for (cp2 = cp; *cp2 && *cp2 != ' ' && *cp2 != '\t'; cp2++) ++ ; ++ ++ if (match_hostname(host, cp, (u_int) (cp2 - cp)) != 1) { ++ if (*cp != HASH_DELIM) ++ goto next_iter; ++ hashed_host = host_hash(host, cp, (u_int) (cp2 - cp)); ++ if (hashed_host == NULL) { ++ debug("Invalid hashed host line %d of NIS source", ++ linenum); ++ goto next_iter; ++ } ++ if (strncmp(hashed_host, cp, (u_int) (cp2 - cp)) != 0) ++ goto next_iter; ++ } ++ ++ /* Got a match. Skip host name. */ ++ cp = cp2; ++ ++ /* ++ * Extract the key from the line. This will skip any leading ++ * whitespace. Ignore badly formatted lines. ++ */ ++ if (!hostfile_read_key(&cp, &kbits, found)) ++ goto next_iter; ++ ++ if (numret != NULL) ++ *numret = linenum; ++ ++ if (key == NULL) { ++ /* we found a key of the requested type */ ++ if (found->type == keytype) { ++ end_return = HOST_FOUND; ++ goto fin; ++ } ++ goto next_iter; ++ } ++ ++ if (!hostfile_check_key(kbits, found, host, "NIS source", linenum)) ++ goto next_iter; ++ ++ /* Check if the current key is the same as the given key. */ ++ if (key_equal(key, found)) { ++ /* Ok, they match. */ ++ debug3("check_host_in_nis: match line %d", linenum); ++ end_return = HOST_OK; ++ goto fin; ++ } ++ /* ++ * They do not match. We will continue to go through the ++ * file; however, we note that we will not return that it is ++ * new. ++ */ ++ end_return = HOST_CHANGED; ++ ++next_iter: ++ lastkey = current; ++ rv = yp_next(domain, "ssh_hostkeys", current, current_len, ++ ¤t, ¤t_len, &resultbuf, &resultbuf_len); ++ free(lastkey); ++ ++ ++linenum; ++ } ++ ++fin: ++ free(resultbuf); ++ return (end_return); ++} ++ ++static int ++nis_check_host_by_key_or_type(void *result, void *mdata, va_list ap) ++{ ++ const char *host; ++ const Key *key; ++ Key *found; ++ int keytype; ++ ++ int rv, numret; ++ enum constants how; ++ ++ how = (enum constants)mdata; ++ switch (how) { ++ case CHECK_HOST: ++ host = va_arg(ap, const char *); ++ key = va_arg(ap, const Key *); ++ found = va_arg(ap, Key *); ++ break; ++ case LOOKUP_KEY_BY_TYPE: ++ host = va_arg(ap, const char *); ++ keytype = va_arg(ap, int); ++ found = va_arg(ap, Key *); ++ break; ++ default: ++ return NS_NOTFOUND; ++ } ++ ++ switch (how) { ++ case CHECK_HOST: ++ rv = check_host_in_nis_by_key_or_type(host, key, 0, found, &numret); ++ ++ debug3("nis_check_host_by_key_or_type: check_host result %d", rv); ++ if (result != NULL) ++ *((int *)result) = rv; ++ return ((rv != HOST_OK) ? NS_NOTFOUND : NS_SUCCESS); ++ ++ case LOOKUP_KEY_BY_TYPE: ++ rv = (check_host_in_nis_by_key_or_type(host, NULL, keytype, found, ++ &numret) == HOST_FOUND); ++ ++ debug3("nis_check_host_by_key_or_type: lookup_key_by_type result %d", rv); + if (result != NULL) + *((int *)result) = rv; + return ((rv == 0) ? NS_NOTFOUND : NS_SUCCESS); @@ -124,6 +304,7 @@ + + return (NS_NOTFOUND); +} ++#endif /* WITHOUT_NIS */ + +/* nsswitch interface functions implementation */ +HostStatus @@ -131,6 +312,9 @@ +{ + static const ns_dtab dtab[] = { + { NSSRC_FILES, files_check_host_by_key_or_type, (void *)CHECK_HOST }, ++#ifndef WITHOUT_NIS ++ { NSSRC_NIS, nis_check_host_by_key_or_type, (void *)CHECK_HOST }, ++#endif /* WITHOUT_NIS */ + { NULL, NULL, NULL } + }; + @@ -155,6 +339,9 @@ +{ + static const ns_dtab dtab[] = { + { NSSRC_FILES, files_check_host_by_key_or_type, (void *)LOOKUP_KEY_BY_TYPE }, ++#ifndef WITHOUT_NIS ++ { NSSRC_NIS, nis_check_host_by_key_or_type, (void *)LOOKUP_KEY_BY_TYPE }, ++#endif /* WITHOUT_NIS */ + { NULL, NULL, NULL } + }; + ==== //depot/projects/soc2005/nsswitch_cached/tests/ssh_hostkeys_test/patches/patch-hostfile.h#4 (text+ko) ==== ==== //depot/projects/soc2005/nsswitch_cached/tests/ssh_hostkeys_test/patches/patch-sshconnect.c#4 (text+ko) ==== ==== //depot/projects/soc2005/nsswitch_cached/tests/ssh_hostkeys_test/port/Makefile#6 (text+ko) ==== @@ -53,11 +53,17 @@ PORTABLE_SUFFIX= -portable USE_NSSWITCH= yes +# Uncomment the next line to omit the nsswitch NIS support (NIS source) +# WITHOUT_NIS= yes .if defined(USE_NSSWITCH) CFLAGS+= -DUSE_NSSWITCH .endif +.if defined(WITHOUT_NIS) +CFLAGS+= -DWITHOUT_NIS +.endif + USE_AUTOCONF_VER= 253 AUTOCONF_ARGS+= -o configure configure.ac ==== //depot/projects/soc2005/nsswitch_cached/tests/ssh_hostkeys_test/port/distinfo#3 (text+ko) ==== ==== //depot/projects/soc2005/nsswitch_cached/tests/ssh_hostkeys_test/port/files/batch.patch#4 (text+ko) ==== ==== //depot/projects/soc2005/nsswitch_cached/tests/ssh_hostkeys_test/port/files/gss-serv.c.patch#4 (text+ko) ==== ==== //depot/projects/soc2005/nsswitch_cached/tests/ssh_hostkeys_test/port/files/patch-auth-pam.c#4 (text+ko) ==== ==== //depot/projects/soc2005/nsswitch_cached/tests/ssh_hostkeys_test/port/files/patch-auth-rh.rsa.c#4 (text+ko) ==== ==== //depot/projects/soc2005/nsswitch_cached/tests/ssh_hostkeys_test/port/files/patch-auth.c#4 (text+ko) ==== ==== //depot/projects/soc2005/nsswitch_cached/tests/ssh_hostkeys_test/port/files/patch-auth.h#4 (text+ko) ==== ==== //depot/projects/soc2005/nsswitch_cached/tests/ssh_hostkeys_test/port/files/patch-auth1.c#4 (text+ko) ==== ==== //depot/projects/soc2005/nsswitch_cached/tests/ssh_hostkeys_test/port/files/patch-auth2-hostbased.c#4 (text+ko) ==== ==== //depot/projects/soc2005/nsswitch_cached/tests/ssh_hostkeys_test/port/files/patch-auth2.c#4 (text+ko) ==== ==== //depot/projects/soc2005/nsswitch_cached/tests/ssh_hostkeys_test/port/files/patch-clientloop.c#4 (text+ko) ==== ==== //depot/projects/soc2005/nsswitch_cached/tests/ssh_hostkeys_test/port/files/patch-config.h.in#4 (text+ko) ==== ==== //depot/projects/soc2005/nsswitch_cached/tests/ssh_hostkeys_test/port/files/patch-configure.ac#4 (text+ko) ==== ==== //depot/projects/soc2005/nsswitch_cached/tests/ssh_hostkeys_test/port/files/patch-fake-rfc2553.h#4 (text+ko) ==== ==== //depot/projects/soc2005/nsswitch_cached/tests/ssh_hostkeys_test/port/files/patch-hostfile.c#4 (text+ko) ==== @@ -1,6 +1,6 @@ ---- hostfile.c.orig Mon Mar 14 15:08:12 2005 -+++ hostfile.c Mon Jul 18 15:27:23 2005 -@@ -38,16 +38,172 @@ +--- /tmp2/usr/ports/security/openssh-portable/work/openssh-4.1p1/hostfile.c Mon Mar 14 15:08:12 2005 ++++ hostfile.c Tue Aug 9 13:13:17 2005 +@@ -38,16 +38,359 @@ #include "includes.h" RCSID("$OpenBSD: hostfile.c,v 1.34 2005/03/10 22:01:05 deraadt Exp $"); @@ -25,6 +25,11 @@ + +#if defined (HAVE_NSDISPATCH) && defined (USE_NSSWITCH) + ++#ifndef WITHOUT_NIS ++#include <rpcsvc/ypclnt.h> ++#include <rpcsvc/yp.h> ++#endif /* WITHOUT_NIS */ ++ +#ifndef NSDB_SSH_HOSTKEYS +#define NSDB_SSH_HOSTKEYS "ssh_hostkeys" +#endif /* NSDB_SSH_HOSTKEYS */ @@ -46,8 +51,13 @@ + nsswitch_files_conf.system_hostfile2 = system_hostfile2; +} + ++static int hostfile_check_key(int, const Key *, const char *, const char *, int); +static HostStatus check_host_in_hostfile_by_key_or_type(const char *, + const char *, const Key *, int, Key *, int *); ++#ifndef WITHOUT_NIS ++static HostStatus check_host_in_nis_by_key_or_type(const char *, ++ const Key *, int, Key *, int *); ++#endif /* WITHOUT_NIS */ + +enum constants { + CHECK_HOST, @@ -56,10 +66,16 @@ + +static const ns_src defaultsrc[] = { + { NSSRC_FILES, NS_SUCCESS }, ++#ifndef WITHOUT_NIS ++ { NSSRC_NIS, NS_SUCCESS }, ++#endif /* WITHOUT_NIS */ + { NULL, 0 } +}; + +static int files_check_host_by_key_or_type(void *, void *, va_list); ++#ifndef WITHOUT_NIS ++static int nis_check_host_by_key_or_type(void *, void *, va_list); ++#endif /* WITHOUT_NIS */ + +/* files backend implementation */ +static int @@ -101,10 +117,10 @@ + found, &numret); + } + -+ debug3("files_check_host_by_key_or_type: CHECK_HOST - %d", rv); ++ debug3("files_check_host_by_key_or_type: check_host result %d", rv); + if (result != NULL) + *((int *)result) = rv; -+ return ((rv == HOST_NEW) ? NS_NOTFOUND : NS_SUCCESS); ++ return ((rv != HOST_OK) ? NS_NOTFOUND : NS_SUCCESS); + + case LOOKUP_KEY_BY_TYPE: + filename = nsswitch_files_conf.system_hostfile; @@ -116,7 +132,171 @@ + keytype, found, &numret) == HOST_FOUND); + } + -+ debug3("files_check_host_by_key_or_type: LOOKUP_KEY_BY_TYPE - %d", rv); ++ debug3("files_check_host_by_key_or_type: lookup_key_by_type result %d", rv); ++ if (result != NULL) ++ *((int *)result) = rv; ++ return ((rv == 0) ? NS_NOTFOUND : NS_SUCCESS); ++ } ++ ++ return (NS_NOTFOUND); ++} ++ ++#ifndef WITHOUT_NIS ++/* NIS backend implementation */ ++static HostStatus ++check_host_in_nis_by_key_or_type(const char *host, const Key *key, ++ int keytype, Key *found, int *numret) ++{ ++ u_int kbits; ++ int linenum; ++ char *cp, *cp2, *hashed_host; ++ HostStatus end_return; ++ ++ char *domain; ++ char *lastkey; ++ char *current; ++ int current_len; ++ ++ char *resultbuf; ++ int resultbuf_len; ++ int rv; ++ ++ ++ if (yp_get_default_domain(&domain) != 0) { ++ debug3("check_host_in_nis: can't get the NIS domain"); ++ return (HOST_NEW); ++ } ++ ++ current = NULL; ++ current_len = 0; ++ resultbuf = NULL; ++ resultbuf_len = 0; ++ linenum = 0; ++ ++ rv = yp_first(domain, "ssh_hostkeys", ¤t, ¤t_len, ++ &resultbuf, &resultbuf_len); ++ end_return = HOST_NEW; ++ while (rv == 0) { ++ cp = resultbuf; ++ ++ /* comments, trailing spaces and tabs should be deleted during ++ NIS map making, but we still should check for them - just in case */ ++ for (; *cp == ' ' || *cp == '\t'; cp++) ++ ; ++ if (!*cp || *cp == '#' || *cp == '\n') ++ goto next_iter; ++ ++ /* Find the end of the host name portion. */ ++ for (cp2 = cp; *cp2 && *cp2 != ' ' && *cp2 != '\t'; cp2++) ++ ; ++ ++ if (match_hostname(host, cp, (u_int) (cp2 - cp)) != 1) { ++ if (*cp != HASH_DELIM) ++ goto next_iter; ++ hashed_host = host_hash(host, cp, (u_int) (cp2 - cp)); ++ if (hashed_host == NULL) { ++ debug("Invalid hashed host line %d of NIS source", ++ linenum); ++ goto next_iter; ++ } ++ if (strncmp(hashed_host, cp, (u_int) (cp2 - cp)) != 0) ++ goto next_iter; ++ } ++ ++ /* Got a match. Skip host name. */ ++ cp = cp2; ++ ++ /* ++ * Extract the key from the line. This will skip any leading ++ * whitespace. Ignore badly formatted lines. ++ */ ++ if (!hostfile_read_key(&cp, &kbits, found)) ++ goto next_iter; ++ ++ if (numret != NULL) ++ *numret = linenum; ++ ++ if (key == NULL) { ++ /* we found a key of the requested type */ ++ if (found->type == keytype) { ++ end_return = HOST_FOUND; ++ goto fin; ++ } ++ goto next_iter; ++ } ++ ++ if (!hostfile_check_key(kbits, found, host, "NIS source", linenum)) ++ goto next_iter; ++ ++ /* Check if the current key is the same as the given key. */ ++ if (key_equal(key, found)) { ++ /* Ok, they match. */ ++ debug3("check_host_in_nis: match line %d", linenum); ++ end_return = HOST_OK; ++ goto fin; ++ } ++ /* ++ * They do not match. We will continue to go through the ++ * file; however, we note that we will not return that it is ++ * new. ++ */ ++ end_return = HOST_CHANGED; ++ ++next_iter: ++ lastkey = current; ++ rv = yp_next(domain, "ssh_hostkeys", current, current_len, ++ ¤t, ¤t_len, &resultbuf, &resultbuf_len); ++ free(lastkey); ++ ++ ++linenum; ++ } ++ ++fin: ++ free(resultbuf); ++ return (end_return); ++} ++ ++static int ++nis_check_host_by_key_or_type(void *result, void *mdata, va_list ap) ++{ ++ const char *host; ++ const Key *key; ++ Key *found; ++ int keytype; ++ ++ int rv, numret; ++ enum constants how; ++ ++ how = (enum constants)mdata; ++ switch (how) { ++ case CHECK_HOST: ++ host = va_arg(ap, const char *); ++ key = va_arg(ap, const Key *); ++ found = va_arg(ap, Key *); ++ break; ++ case LOOKUP_KEY_BY_TYPE: ++ host = va_arg(ap, const char *); ++ keytype = va_arg(ap, int); ++ found = va_arg(ap, Key *); ++ break; ++ default: ++ return NS_NOTFOUND; ++ } ++ ++ switch (how) { ++ case CHECK_HOST: ++ rv = check_host_in_nis_by_key_or_type(host, key, 0, found, &numret); ++ ++ debug3("nis_check_host_by_key_or_type: check_host result %d", rv); ++ if (result != NULL) ++ *((int *)result) = rv; ++ return ((rv != HOST_OK) ? NS_NOTFOUND : NS_SUCCESS); ++ ++ case LOOKUP_KEY_BY_TYPE: ++ rv = (check_host_in_nis_by_key_or_type(host, NULL, keytype, found, ++ &numret) == HOST_FOUND); ++ ++ debug3("nis_check_host_by_key_or_type: lookup_key_by_type result %d", rv); + if (result != NULL) + *((int *)result) = rv; + return ((rv == 0) ? NS_NOTFOUND : NS_SUCCESS); @@ -124,6 +304,7 @@ + + return (NS_NOTFOUND); +} ++#endif /* WITHOUT_NIS */ + +/* nsswitch interface functions implementation */ +HostStatus @@ -131,6 +312,9 @@ +{ + static const ns_dtab dtab[] = { + { NSSRC_FILES, files_check_host_by_key_or_type, (void *)CHECK_HOST }, ++#ifndef WITHOUT_NIS ++ { NSSRC_NIS, nis_check_host_by_key_or_type, (void *)CHECK_HOST }, ++#endif /* WITHOUT_NIS */ + { NULL, NULL, NULL } + }; + @@ -155,6 +339,9 @@ +{ + static const ns_dtab dtab[] = { + { NSSRC_FILES, files_check_host_by_key_or_type, (void *)LOOKUP_KEY_BY_TYPE }, ++#ifndef WITHOUT_NIS ++ { NSSRC_NIS, nis_check_host_by_key_or_type, (void *)LOOKUP_KEY_BY_TYPE }, ++#endif /* WITHOUT_NIS */ + { NULL, NULL, NULL } + }; + ==== //depot/projects/soc2005/nsswitch_cached/tests/ssh_hostkeys_test/port/files/patch-hostfile.h#4 (text+ko) ==== ==== //depot/projects/soc2005/nsswitch_cached/tests/ssh_hostkeys_test/port/files/patch-loginrec.c#4 (text+ko) ==== ==== //depot/projects/soc2005/nsswitch_cached/tests/ssh_hostkeys_test/port/files/patch-regress-test-exec.sh#4 (text+ko) ==== ==== //depot/projects/soc2005/nsswitch_cached/tests/ssh_hostkeys_test/port/files/patch-session.c#4 (text+ko) ==== ==== //depot/projects/soc2005/nsswitch_cached/tests/ssh_hostkeys_test/port/files/patch-sshconnect.c#4 (text+ko) ==== ==== //depot/projects/soc2005/nsswitch_cached/tests/ssh_hostkeys_test/port/files/patch-sshd.c#4 (text+ko) ==== ==== //depot/projects/soc2005/nsswitch_cached/tests/ssh_hostkeys_test/port/files/patch-sshd_config#4 (text+ko) ==== ==== //depot/projects/soc2005/nsswitch_cached/tests/ssh_hostkeys_test/port/files/patch-sshpty.c#4 (text+ko) ==== ==== //depot/projects/soc2005/nsswitch_cached/tests/ssh_hostkeys_test/port/files/servconf.c.patch#4 (text+ko) ==== ==== //depot/projects/soc2005/nsswitch_cached/tests/ssh_hostkeys_test/port/files/sshd.sh#4 (text+ko) ==== ==== //depot/projects/soc2005/nsswitch_cached/tests/ssh_hostkeys_test/port/pkg-descr#3 (text+ko) ==== ==== //depot/projects/soc2005/nsswitch_cached/tests/ssh_hostkeys_test/port/pkg-message#3 (text+ko) ==== ==== //depot/projects/soc2005/nsswitch_cached/tests/ssh_hostkeys_test/port/pkg-plist#3 (text+ko) ==== ==== //depot/projects/soc2005/nsswitch_cached/tests/ssh_hostkeys_test/result_copy.sh#3 (text+ko) ==== ==== //depot/projects/soc2005/nsswitch_cached/tests/ssh_hostkeys_test/sshconnect.c#4 (text+ko) ====
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200508091010.j79AAMJr007041>