Date:      Tue, 9 Oct 2018 19:27:42 +0000 (UTC)
From:      =?UTF-8?Q?Dag-Erling_Sm=c3=b8rgrav?= <des@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r339263 - head/crypto/openssh
Message-ID:  <201810091927.w99JRgeR071028@repo.freebsd.org>

Author: des
Date: Tue Oct  9 19:27:42 2018
New Revision: 339263
URL: https://svnweb.freebsd.org/changeset/base/339263

Log:
  Fix portability issues with the Capsicum patch committed in r339216:
  
  - Wrap access to pw_change and pw_expire in the appropriate #ifdefs.
  - Wrap calls to login_cap(3) API in appropriate #ifdefs.
  - Add wrapper for transferring time_t, which is still only 32 bits wide
    on FreeBSD i386.
  - Use a temporary variable to deserialize size_t.
  
  Approved by:	re (gjb)

Modified:
  head/crypto/openssh/monitor.c
  head/crypto/openssh/monitor_wrap.c
  head/crypto/openssh/monitor_wrap.h
  head/crypto/openssh/sshbuf-getput-basic.c
  head/crypto/openssh/sshbuf.h

Modified: head/crypto/openssh/monitor.c
==============================================================================
--- head/crypto/openssh/monitor.c	Tue Oct  9 18:40:36 2018	(r339262)
+++ head/crypto/openssh/monitor.c	Tue Oct  9 19:27:42 2018	(r339263)
@@ -114,7 +114,9 @@ static struct sshbuf *child_state;
 
 int mm_answer_moduli(int, struct sshbuf *);
 int mm_answer_sign(int, struct sshbuf *);
+#ifdef HAVE_LOGIN_CAP
 int mm_answer_login_getpwclass(int, struct sshbuf *);
+#endif
 int mm_answer_pwnamallow(int, struct sshbuf *);
 int mm_answer_auth2_read_banner(int, struct sshbuf *);
 int mm_answer_authserv(int, struct sshbuf *);
@@ -190,7 +192,9 @@ struct mon_table mon_dispatch_proto20[] = {
     {MONITOR_REQ_MODULI, MON_ONCE, mm_answer_moduli},
 #endif
     {MONITOR_REQ_SIGN, MON_ONCE, mm_answer_sign},
+#ifdef HAVE_LOGIN_CAP
     {MONITOR_REQ_GETPWCLASS, MON_AUTH, mm_answer_login_getpwclass},
+#endif
     {MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow},
     {MONITOR_REQ_AUTHSERV, MON_ONCE, mm_answer_authserv},
     {MONITOR_REQ_AUTH2_READ_BANNER, MON_ONCE, mm_answer_auth2_read_banner},
@@ -709,6 +713,7 @@ mm_answer_sign(int sock, struct sshbuf *m)
 	return (0);
 }
 
+#ifdef HAVE_LOGIN_CAP
 int
 mm_answer_login_getpwclass(int sock, struct sshbuf *m)
 {
@@ -748,6 +753,7 @@ mm_answer_login_getpwclass(int sock, struct sshbuf *m)
 
 	return (0);
 }
+#endif
 
 /* Retrieves the password entry and also checks if the user is permitted */
 

Modified: head/crypto/openssh/monitor_wrap.c
==============================================================================
--- head/crypto/openssh/monitor_wrap.c	Tue Oct  9 18:40:36 2018	(r339262)
+++ head/crypto/openssh/monitor_wrap.c	Tue Oct  9 19:27:42 2018	(r339263)
@@ -247,6 +247,7 @@ mm_sshkey_sign(struct sshkey *key, u_char **sigp, size
 	return (0);
 }
 
+#ifdef HAVE_LOGIN_CAP
 login_cap_t *
 mm_login_getpwclass(const struct passwd *pwent)
 {
@@ -286,7 +287,9 @@ mm_login_getpwclass(const struct passwd *pwent)
 
 	return (lc);
 }
+#endif
 
+#ifdef HAVE_LOGIN_CAP
 void
 mm_login_close(login_cap_t *lc)
 {
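Review bot: The `#endif` added after mm_login_getpwclass is followed directly by a second `#ifdef HAVE_LOGIN_CAP` for mm_login_close, so two back-to-back guards protect what is one feature block. A single guard around both functions, closed with `#endif /* HAVE_LOGIN_CAP */`, would be easier to keep in step with the matching guards in monitor.c and monitor_wrap.h. Both function bodies extend outside this hunk.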
@@ -297,6 +300,7 @@ mm_login_close(login_cap_t *lc)
 	free(lc->lc_cap);
 	free(lc);
 }
+#endif
 
 struct passwd *
 mm_getpwnamallow(const char *username)

Modified: head/crypto/openssh/monitor_wrap.h
==============================================================================
--- head/crypto/openssh/monitor_wrap.h	Tue Oct  9 18:40:36 2018	(r339262)
+++ head/crypto/openssh/monitor_wrap.h	Tue Oct  9 19:27:42 2018	(r339263)
@@ -28,8 +28,6 @@
 #ifndef _MM_WRAP_H_
 #define _MM_WRAP_H_
 
-#include <login_cap.h>
-
 extern int use_privsep;
 #define PRIVSEP(x)	(use_privsep ? mm_##x : x)
 
@@ -46,9 +44,11 @@ DH *mm_choose_dh(int, int, int);
 int mm_sshkey_sign(struct sshkey *, u_char **, size_t *, const u_char *, size_t,
     const char *, u_int compat);
 void mm_inform_authserv(char *, char *);
+#ifdef HAVE_LOGIN_CAP
+struct login_cap *mm_login_getpwclass(const struct passwd *pwd);
+void mm_login_close(struct login_cap *lc);
+#endif
 struct passwd *mm_getpwnamallow(const char *);
-login_cap_t *mm_login_getpwclass(const struct passwd *pwd);
-void mm_login_close(login_cap_t *lc);
 char *mm_auth2_read_banner(void);
 int mm_auth_password(struct ssh *, char *);
 int mm_key_allowed(enum mm_keytype, const char *, const char *, struct sshkey *,
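Review bot: With `#include <login_cap.h>` dropped from this header (and `<pwd.h>` dropped from sshbuf.h in the same commit), `const struct passwd *pwd` in the new mm_login_getpwclass prototype may be the first mention of `struct passwd` that a translation unit sees, in which case the tag has prototype scope and is incompatible with the real type. Whether every includer pulls in <pwd.h> first cannot be seen from this hunk. File-scope forward declarations ahead of the prototypes, `struct passwd;` and `struct login_cap;`, would make the header independent of include order. The definitions in monitor_wrap.c still spell the type `login_cap_t`, so the header also relies on that typedef naming `struct login_cap`.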

Modified: head/crypto/openssh/sshbuf-getput-basic.c
==============================================================================
--- head/crypto/openssh/sshbuf-getput-basic.c	Tue Oct  9 18:40:36 2018	(r339262)
+++ head/crypto/openssh/sshbuf-getput-basic.c	Tue Oct  9 19:27:42 2018	(r339263)
@@ -482,7 +482,9 @@ sshbuf_put_passwd(struct sshbuf *buf, const struct pas
 	    (r = sshbuf_put_cstring(buf, "*")) != 0 ||
 	    (r = sshbuf_put_u32(buf, pwent->pw_uid)) != 0 ||
 	    (r = sshbuf_put_u32(buf, pwent->pw_gid)) != 0 ||
-	    (r = sshbuf_put_u64(buf, pwent->pw_change)) != 0 ||
+#ifdef HAVE_STRUCT_PASSWD_PW_CHANGE
+	    (r = sshbuf_put_time(buf, pwent->pw_change)) != 0 ||
+#endif
 #ifdef HAVE_STRUCT_PASSWD_PW_GECOS
 	    (r = sshbuf_put_cstring(buf, pwent->pw_gecos)) != 0 ||
 #endif
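Review bot: The field list in sshbuf_put_passwd is now conditional on `HAVE_STRUCT_PASSWD_PW_CHANGE` (and on `HAVE_STRUCT_PASSWD_PW_EXPIRE` in the next hunk), and nothing records that sshbuf_get_passwd must apply the same guards in the same order. As far as the visible calls show, the encoding carries no field tags, so a one-sided edit would shift every later field on the privilege-separation channel. I would add a comment above the condition such as `/* Field order and #ifdefs must match sshbuf_get_passwd() exactly; the encoding is untagged. */`, with the mirror-image comment in sshbuf_get_passwd. The function body starts and ends outside this hunk.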
@@ -491,7 +493,9 @@ sshbuf_put_passwd(struct sshbuf *buf, const struct pas
 #endif
 	    (r = sshbuf_put_cstring(buf, pwent->pw_dir)) != 0 ||
 	    (r = sshbuf_put_cstring(buf, pwent->pw_shell)) != 0 ||
-	    (r = sshbuf_put_u64(buf, pwent->pw_expire)) != 0 ||
+#ifdef HAVE_STRUCT_PASSWD_PW_EXPIRE
+	    (r = sshbuf_put_time(buf, pwent->pw_expire)) != 0 ||
+#endif
 	    (r = sshbuf_put_u32(buf, pwent->pw_fields)) != 0) {
 		return r;
 	}
@@ -505,8 +509,8 @@ struct passwd *
 sshbuf_get_passwd(struct sshbuf *buf)
 {
 	struct passwd *pw;
+	u_int64_t len;
 	int r;
-	size_t len;
 
 	/* check if size of struct passwd is as same as sender's size */
 	r = sshbuf_get_u64(buf, &len);
@@ -518,7 +522,9 @@ sshbuf_get_passwd(struct sshbuf *buf)
 	    sshbuf_get_cstring(buf, &pw->pw_passwd, NULL) != 0 ||
 	    sshbuf_get_u32(buf, &pw->pw_uid) != 0 ||
 	    sshbuf_get_u32(buf, &pw->pw_gid) != 0 ||
-	    sshbuf_get_u64(buf, &pw->pw_change) != 0 ||
+#ifdef HAVE_STRUCT_PASSWD_PW_CHANGE
+	    sshbuf_get_time(buf, &pw->pw_change) != 0 ||
+#endif
 #ifdef HAVE_STRUCT_PASSWD_PW_GECOS
 	    sshbuf_get_cstring(buf, &pw->pw_gecos, NULL) != 0 ||
 #endif
@@ -527,7 +533,9 @@ sshbuf_get_passwd(struct sshbuf *buf)
 #endif
 	    sshbuf_get_cstring(buf, &pw->pw_dir, NULL) != 0 ||
 	    sshbuf_get_cstring(buf, &pw->pw_shell, NULL) != 0 ||
-	    sshbuf_get_u64(buf, &pw->pw_expire) != 0 ||
+#ifdef HAVE_STRUCT_PASSWD_PW_EXPIRE
+	    sshbuf_get_time(buf, &pw->pw_expire) != 0 ||
+#endif
 	    sshbuf_get_u32(buf, &pw->pw_fields) != 0) {
 		sshbuf_free_passwd(pw);
 		return NULL;

Modified: head/crypto/openssh/sshbuf.h
==============================================================================
--- head/crypto/openssh/sshbuf.h	Tue Oct  9 18:40:36 2018	(r339262)
+++ head/crypto/openssh/sshbuf.h	Tue Oct  9 19:27:42 2018	(r339263)
@@ -21,7 +21,6 @@
 #include <sys/types.h>
 #include <stdarg.h>
 #include <stdio.h>
-#include <pwd.h>
 #ifdef WITH_OPENSSL
 # include <openssl/bn.h>
 # ifdef OPENSSL_HAS_ECC
@@ -176,6 +175,14 @@ int	sshbuf_put_u64(struct sshbuf *buf, u_int64_t val);
 int	sshbuf_put_u32(struct sshbuf *buf, u_int32_t val);
 int	sshbuf_put_u16(struct sshbuf *buf, u_int16_t val);
 int	sshbuf_put_u8(struct sshbuf *buf, u_char val);
+
+#if defined(__FreeBSD__) && defined(__i386__)
+#define sshbuf_get_time(b, vp) sshbuf_get_u32((b), (u_int32_t *)(vp))
+#define sshbuf_put_time(b, v) sshbuf_put_u32((b), (u_int32_t)(v))
+#else
+#define sshbuf_get_time(b, vp) sshbuf_get_u64((b), (u_int64_t *)(vp))
+#define sshbuf_put_time(b, v) sshbuf_put_u64((b), (u_int64_t)(v))
+#endif
 
 /*
  * Functions to extract or store SSH wire encoded strings (u32 len || data)
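Review bot: `sshbuf_get_time` casts the caller's `time_t *` to `u_int64_t *` (or `u_int32_t *`) inside the macro, which silences the warning a width mismatch would otherwise produce. On any build other than FreeBSD/i386 where time_t is 32 bits, the `sshbuf_get_u64` branch would store eight bytes through a pointer to a four-byte `pw_change` or `pw_expire` in sshbuf_get_passwd and overwrite the neighbouring field. Selecting the width by `__FreeBSD__ && __i386__` instead of by the size of time_t also hard-codes one platform into a portability fix. I would replace the macros with `static inline` functions that always carry 64 bits, decode into a temporary, and reject a value that does not round-trip through time_t, as sketched below. This assumes both ends of the channel are built from the same source, so changing the width on i386 is safe.

```c
/* time_t always travels as 64 bits; its local width is not part of the encoding. */
static inline int
sshbuf_put_time(struct sshbuf *buf, time_t val)
{
	return sshbuf_put_u64(buf, (u_int64_t)val);
}

static inline int
sshbuf_get_time(struct sshbuf *buf, time_t *valp)
{
	u_int64_t tmp;
	int r;

	if ((r = sshbuf_get_u64(buf, &tmp)) != 0)
		return r;
	/* Refuse a value that a narrower time_t cannot represent. */
	if ((u_int64_t)(time_t)tmp != tmp)
		return SSH_ERR_INVALID_FORMAT;
	*valp = (time_t)tmp;
	return 0;
}
```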


