From: Dag-Erling Smørgrav
Date: Tue, 9 Oct 2018 19:27:42 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: svn commit: r339263 - head/crypto/openssh

Author: des
Date: Tue Oct 9 19:27:42 2018
New Revision: 339263
URL: https://svnweb.freebsd.org/changeset/base/339263

Log:
  Fix portability issues with the Capsicum patch committed in r339216:

  - Wrap access to pw_change and pw_expire in the appropriate #ifdefs.
  - Wrap calls to login_cap(3) API in appropriate #ifdefs.
  - Add wrapper for transferring time_t, which is still only 32 bits wide
    on FreeBSD i386.
  - Use a temporary variable to deserialize size_t.

  Approved by: re (gjb)

Modified:
  head/crypto/openssh/monitor.c
  head/crypto/openssh/monitor_wrap.c
  head/crypto/openssh/monitor_wrap.h
  head/crypto/openssh/sshbuf-getput-basic.c
  head/crypto/openssh/sshbuf.h

Modified: head/crypto/openssh/monitor.c ============================================================================== --- head/crypto/openssh/monitor.c Tue Oct 9 18:40:36 2018 (r339262) +++ head/crypto/openssh/monitor.c Tue Oct 9 19:27:42 2018 (r339263) 
@@ -114,7 +114,9 @@ static struct sshbuf *child_state; int mm_answer_moduli(int, struct sshbuf *); int mm_answer_sign(int, struct sshbuf *); +#ifdef HAVE_LOGIN_CAP int mm_answer_login_getpwclass(int, struct sshbuf *); +#endif int mm_answer_pwnamallow(int, struct sshbuf *); int mm_answer_auth2_read_banner(int, struct sshbuf *); int mm_answer_authserv(int, struct sshbuf *); @@ -190,7 +192,9 @@ struct mon_table mon_dispatch_proto20[] = { {MONITOR_REQ_MODULI, MON_ONCE, mm_answer_moduli}, #endif {MONITOR_REQ_SIGN, MON_ONCE, mm_answer_sign}, +#ifdef HAVE_LOGIN_CAP {MONITOR_REQ_GETPWCLASS, MON_AUTH, mm_answer_login_getpwclass}, +#endif {MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow}, {MONITOR_REQ_AUTHSERV, MON_ONCE, mm_answer_authserv}, {MONITOR_REQ_AUTH2_READ_BANNER, MON_ONCE, mm_answer_auth2_read_banner}, @@ -709,6 +713,7 @@ mm_answer_sign(int sock, struct sshbuf *m) return (0); } +#ifdef HAVE_LOGIN_CAP int mm_answer_login_getpwclass(int sock, struct sshbuf *m) { @@ -748,6 +753,7 @@ mm_answer_login_getpwclass(int sock, struct sshbuf *m) return (0); } +#endif /* Retrieves the password entry and also checks if the user is permitted */ Modified: head/crypto/openssh/monitor_wrap.c ============================================================================== --- head/crypto/openssh/monitor_wrap.c Tue Oct 9 18:40:36 2018 (r339262) +++ head/crypto/openssh/monitor_wrap.c Tue Oct 9 19:27:42 2018 (r339263) @@ -247,6 +247,7 @@ mm_sshkey_sign(struct sshkey *key, u_char **sigp, size return (0); } +#ifdef HAVE_LOGIN_CAP login_cap_t * mm_login_getpwclass(const struct passwd *pwent) { @@ -286,7 +287,9 @@ mm_login_getpwclass(const struct passwd *pwent) return (lc); } +#endif +#ifdef HAVE_LOGIN_CAP void mm_login_close(login_cap_t *lc) { 
@@ -297,6 +300,7 @@ mm_login_close(login_cap_t *lc) free(lc->lc_cap); free(lc); } +#endif struct passwd * mm_getpwnamallow(const char *username) Modified: head/crypto/openssh/monitor_wrap.h ============================================================================== --- head/crypto/openssh/monitor_wrap.h Tue Oct 9 18:40:36 2018 (r339262) +++ head/crypto/openssh/monitor_wrap.h Tue Oct 9 19:27:42 2018 (r339263) @@ -28,8 +28,6 @@ #ifndef _MM_WRAP_H_ #define _MM_WRAP_H_ -#include - extern int use_privsep; #define PRIVSEP(x) (use_privsep ? mm_##x : x) @@ -46,9 +44,11 @@ DH *mm_choose_dh(int, int, int); int mm_sshkey_sign(struct sshkey *, u_char **, size_t *, const u_char *, size_t, const char *, u_int compat); void mm_inform_authserv(char *, char *); +#ifdef HAVE_LOGIN_CAP +struct login_cap *mm_login_getpwclass(const struct passwd *pwd); +void mm_login_close(struct login_cap *lc); +#endif struct passwd *mm_getpwnamallow(const char *); -login_cap_t *mm_login_getpwclass(const struct passwd *pwd); -void mm_login_close(login_cap_t *lc); char *mm_auth2_read_banner(void); int mm_auth_password(struct ssh *, char *); int mm_key_allowed(enum mm_keytype, const char *, const char *, struct sshkey *, Modified: head/crypto/openssh/sshbuf-getput-basic.c ============================================================================== --- head/crypto/openssh/sshbuf-getput-basic.c Tue Oct 9 18:40:36 2018 (r339262) +++ head/crypto/openssh/sshbuf-getput-basic.c Tue Oct 9 19:27:42 2018 (r339263) @@ -482,7 +482,9 @@ sshbuf_put_passwd(struct sshbuf *buf, const struct pas (r = sshbuf_put_cstring(buf, "*")) != 0 || (r = sshbuf_put_u32(buf, pwent->pw_uid)) != 0 || (r = sshbuf_put_u32(buf, pwent->pw_gid)) != 0 || - (r = sshbuf_put_u64(buf, pwent->pw_change)) != 0 || +#ifdef HAVE_STRUCT_PASSWD_PW_CHANGE + (r = sshbuf_put_time(buf, pwent->pw_change)) != 0 || +#endif #ifdef HAVE_STRUCT_PASSWD_PW_GECOS (r = sshbuf_put_cstring(buf, pwent->pw_gecos)) != 0 || #endif 
@@ -491,7 +493,9 @@ sshbuf_put_passwd(struct sshbuf *buf, const struct pas #endif (r = sshbuf_put_cstring(buf, pwent->pw_dir)) != 0 || (r = sshbuf_put_cstring(buf, pwent->pw_shell)) != 0 || - (r = sshbuf_put_u64(buf, pwent->pw_expire)) != 0 || +#ifdef HAVE_STRUCT_PASSWD_PW_EXPIRE + (r = sshbuf_put_time(buf, pwent->pw_expire)) != 0 || +#endif (r = sshbuf_put_u32(buf, pwent->pw_fields)) != 0) { return r; } @@ -505,8 +509,8 @@ struct passwd * sshbuf_get_passwd(struct sshbuf *buf) { struct passwd *pw; + u_int64_t len; int r; - size_t len; /* check if size of struct passwd is as same as sender's size */ r = sshbuf_get_u64(buf, &len); @@ -518,7 +522,9 @@ sshbuf_get_passwd(struct sshbuf *buf) sshbuf_get_cstring(buf, &pw->pw_passwd, NULL) != 0 || sshbuf_get_u32(buf, &pw->pw_uid) != 0 || sshbuf_get_u32(buf, &pw->pw_gid) != 0 || - sshbuf_get_u64(buf, &pw->pw_change) != 0 || +#ifdef HAVE_STRUCT_PASSWD_PW_CHANGE + sshbuf_get_time(buf, &pw->pw_change) != 0 || +#endif #ifdef HAVE_STRUCT_PASSWD_PW_GECOS sshbuf_get_cstring(buf, &pw->pw_gecos, NULL) != 0 || #endif @@ -527,7 +533,9 @@ sshbuf_get_passwd(struct sshbuf *buf) #endif sshbuf_get_cstring(buf, &pw->pw_dir, NULL) != 0 || sshbuf_get_cstring(buf, &pw->pw_shell, NULL) != 0 || - sshbuf_get_u64(buf, &pw->pw_expire) != 0 || +#ifdef HAVE_STRUCT_PASSWD_PW_EXPIRE + sshbuf_get_time(buf, &pw->pw_expire) != 0 || +#endif sshbuf_get_u32(buf, &pw->pw_fields) != 0) { sshbuf_free_passwd(pw); return NULL; Modified: head/crypto/openssh/sshbuf.h ============================================================================== --- head/crypto/openssh/sshbuf.h Tue Oct 9 18:40:36 2018 (r339262) +++ head/crypto/openssh/sshbuf.h Tue Oct 9 19:27:42 2018 (r339263) @@ -21,7 +21,6 @@ #include #include #include -#include #ifdef WITH_OPENSSL # include # ifdef OPENSSL_HAS_ECC 
@@ -176,6 +175,14 @@ int sshbuf_put_u64(struct sshbuf *buf, u_int64_t val); int sshbuf_put_u32(struct sshbuf *buf, u_int32_t val); int sshbuf_put_u16(struct sshbuf *buf, u_int16_t val); int sshbuf_put_u8(struct sshbuf *buf, u_char val); + +#if defined(__FreeBSD__) && defined(__i386__) +#define sshbuf_get_time(b, vp) sshbuf_get_u32((b), (u_int32_t *)(vp)) +#define sshbuf_put_time(b, v) sshbuf_put_u32((b), (u_int32_t)(v)) +#else +#define sshbuf_get_time(b, vp) sshbuf_get_u64((b), (u_int64_t *)(vp)) +#define sshbuf_put_time(b, v) sshbuf_put_u64((b), (u_int64_t)(v)) +#endif /* * Functions to extract or store SSH wire encoded strings (u32 len || data)
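
Review bot: the back-to-back `#endif` / `#ifdef HAVE_LOGIN_CAP` between mm_login_getpwclass() and mm_login_close() in monitor_wrap.c (hunk -286,7 +287,9) is redundant. A single guard spanning both functions, closed with `#endif /* HAVE_LOGIN_CAP */`, is easier to follow and harder to unbalance in a later merge. The same closing comment would help the bare `#endif` added after mm_answer_login_getpwclass() in monitor.c, which ends a guard opened some forty lines earlier.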
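
Review bot: the new prototypes in monitor_wrap.h (hunk -46,9 +44,11) spell the type as `struct login_cap *` while the definitions in monitor_wrap.c still use `login_cap_t *`, so the header now depends on login_cap_t being a typedef of a struct with exactly that tag. Since the earlier hunk in the same file drops the header's own #include, a short comment stating that dependency, or a forward declaration `struct login_cap;` next to the prototypes, would make it explicit for anyone who later includes monitor_wrap.h without the declaring header.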
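
Review bot: pw_fields is still serialized unconditionally as the last field of sshbuf_put_passwd() (sshbuf-getput-basic.c, hunk -491,7 +493,9) and read back unconditionally in sshbuf_get_passwd(), while pw_change and pw_expire beside it gained HAVE_STRUCT_PASSWD_* guards. If the goal is to build where those members may be absent, pw_fields should be checked for the same treatment. Whatever guard is used must be identical on the put and get sides, because the field order is the only framing this encoding has and a mismatch would shift every later field.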
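
Review bot: the pointer casts in sshbuf_get_time() (sshbuf.h, hunk -176,6 +175,14) turn off the compiler's check that the destination has the width being written. The #else branch assumes every platform other than FreeBSD i386 has a 64-bit time_t; where that does not hold, sshbuf_get_u64() would store 8 bytes through a pointer to a 4-byte pw_change or pw_expire. Reading into a u_int64_t temporary and assigning, as this commit already does for len in sshbuf_get_passwd(), or adding a compile-time check of sizeof(time_t) in each branch, would remove the assumption instead of hiding it behind a cast.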