d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix portability issues with the Capsicum patch committed in r339216:

Browse Source 
- Wrap access to pw_change and pw_expire in the appropriate #ifdefs.
- Wrap calls to login_cap(3) API in appropriate #ifdefs.
- Add wrapper for transferring time_t, which is still only 32 bits wide
  on FreeBSD i386.
- Use a temporary variable to deserialize size_t.

Approved by:	re (gjb)
This commit is contained in:
Dag-Erling Smørgrav 2018-10-09 19:27:42 +00:00
parent 6f1f1a6395
commit bd393de91c
5 changed files with 35 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
crypto/openssh/monitor.c
View File

@ -114,7 +114,9 @@ static struct sshbuf *child_state;
int mm_answer_moduli(int, struct sshbuf *);
int mm_answer_sign(int, struct sshbuf *);
#ifdef HAVE_LOGIN_CAP
int mm_answer_login_getpwclass(int, struct sshbuf *);
#endif
int mm_answer_pwnamallow(int, struct sshbuf *);
int mm_answer_auth2_read_banner(int, struct sshbuf *);
int mm_answer_authserv(int, struct sshbuf *);
@ -190,7 +192,9 @@ struct mon_table mon_dispatch_proto20[] = {
{MONITOR_REQ_MODULI, MON_ONCE, mm_answer_moduli},
#endif
{MONITOR_REQ_SIGN, MON_ONCE, mm_answer_sign},
#ifdef HAVE_LOGIN_CAP
{MONITOR_REQ_GETPWCLASS, MON_AUTH, mm_answer_login_getpwclass},
#endif
{MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow},
{MONITOR_REQ_AUTHSERV, MON_ONCE, mm_answer_authserv},
{MONITOR_REQ_AUTH2_READ_BANNER, MON_ONCE, mm_answer_auth2_read_banner},
@ -709,6 +713,7 @@ mm_answer_sign(int sock, struct sshbuf *m)
return (0);
}
#ifdef HAVE_LOGIN_CAP
int
mm_answer_login_getpwclass(int sock, struct sshbuf *m)
{
@ -748,6 +753,7 @@ mm_answer_login_getpwclass(int sock, struct sshbuf *m)
return (0);
}
#endif
/* Retrieves the password entry and also checks if the user is permitted */

4
crypto/openssh/monitor_wrap.c
View File

@ -247,6 +247,7 @@ mm_sshkey_sign(struct sshkey *key, u_char **sigp, size_t *lenp,
return (0);
}
#ifdef HAVE_LOGIN_CAP
login_cap_t *
mm_login_getpwclass(const struct passwd *pwent)
{
@ -286,7 +287,9 @@ mm_login_getpwclass(const struct passwd *pwent)
return (lc);
}
#endif
#ifdef HAVE_LOGIN_CAP
void
mm_login_close(login_cap_t *lc)
{
@ -297,6 +300,7 @@ mm_login_close(login_cap_t *lc)
free(lc->lc_cap);
free(lc);
}
#endif
struct passwd *
mm_getpwnamallow(const char *username)

8
crypto/openssh/monitor_wrap.h
View File

@ -28,8 +28,6 @@
#ifndef _MM_WRAP_H_
#define _MM_WRAP_H_
#include <login_cap.h>
extern int use_privsep;
#define PRIVSEP(x) (use_privsep ? mm_##x : x)
@ -46,9 +44,11 @@ DH *mm_choose_dh(int, int, int);
int mm_sshkey_sign(struct sshkey *, u_char **, size_t *, const u_char *, size_t,
const char *, u_int compat);
void mm_inform_authserv(char *, char *);
#ifdef HAVE_LOGIN_CAP
struct login_cap *mm_login_getpwclass(const struct passwd *pwd);
void mm_login_close(struct login_cap *lc);
#endif
struct passwd *mm_getpwnamallow(const char *);
login_cap_t *mm_login_getpwclass(const struct passwd *pwd);
void mm_login_close(login_cap_t *lc);
char *mm_auth2_read_banner(void);
int mm_auth_password(struct ssh *, char *);
int mm_key_allowed(enum mm_keytype, const char *, const char *, struct sshkey *,

18
crypto/openssh/sshbuf-getput-basic.c
View File

@ -482,7 +482,9 @@ sshbuf_put_passwd(struct sshbuf *buf, const struct passwd *pwent)
(r = sshbuf_put_cstring(buf, "*")) != 0 ||
(r = sshbuf_put_u32(buf, pwent->pw_uid)) != 0 ||
(r = sshbuf_put_u32(buf, pwent->pw_gid)) != 0 ||
(r = sshbuf_put_u64(buf, pwent->pw_change)) != 0 ||
#ifdef HAVE_STRUCT_PASSWD_PW_CHANGE
(r = sshbuf_put_time(buf, pwent->pw_change)) != 0 ||
#endif
#ifdef HAVE_STRUCT_PASSWD_PW_GECOS
(r = sshbuf_put_cstring(buf, pwent->pw_gecos)) != 0 ||
#endif
@ -491,7 +493,9 @@ sshbuf_put_passwd(struct sshbuf *buf, const struct passwd *pwent)
#endif
(r = sshbuf_put_cstring(buf, pwent->pw_dir)) != 0 ||
(r = sshbuf_put_cstring(buf, pwent->pw_shell)) != 0 ||
(r = sshbuf_put_u64(buf, pwent->pw_expire)) != 0 ||
#ifdef HAVE_STRUCT_PASSWD_PW_EXPIRE
(r = sshbuf_put_time(buf, pwent->pw_expire)) != 0 ||
#endif
(r = sshbuf_put_u32(buf, pwent->pw_fields)) != 0) {
return r;
}
@ -505,8 +509,8 @@ struct passwd *
sshbuf_get_passwd(struct sshbuf *buf)
{
struct passwd *pw;
u_int64_t len;
int r;
size_t len;
/* check if size of struct passwd is as same as sender's size */
r = sshbuf_get_u64(buf, &len);
@ -518,7 +522,9 @@ sshbuf_get_passwd(struct sshbuf *buf)
sshbuf_get_cstring(buf, &pw->pw_passwd, NULL) != 0 ||
sshbuf_get_u32(buf, &pw->pw_uid) != 0 ||
sshbuf_get_u32(buf, &pw->pw_gid) != 0 ||
sshbuf_get_u64(buf, &pw->pw_change) != 0 ||
#ifdef HAVE_STRUCT_PASSWD_PW_CHANGE
sshbuf_get_time(buf, &pw->pw_change) != 0 ||
#endif
#ifdef HAVE_STRUCT_PASSWD_PW_GECOS
sshbuf_get_cstring(buf, &pw->pw_gecos, NULL) != 0 ||
#endif
@ -527,7 +533,9 @@ sshbuf_get_passwd(struct sshbuf *buf)
#endif
sshbuf_get_cstring(buf, &pw->pw_dir, NULL) != 0 ||
sshbuf_get_cstring(buf, &pw->pw_shell, NULL) != 0 ||
sshbuf_get_u64(buf, &pw->pw_expire) != 0 ||
#ifdef HAVE_STRUCT_PASSWD_PW_EXPIRE
sshbuf_get_time(buf, &pw->pw_expire) != 0 ||
#endif
sshbuf_get_u32(buf, &pw->pw_fields) != 0) {
sshbuf_free_passwd(pw);
return NULL;

9
crypto/openssh/sshbuf.h
View File

@ -21,7 +21,6 @@
#include <sys/types.h>
#include <stdarg.h>
#include <stdio.h>
#include <pwd.h>
#ifdef WITH_OPENSSL
# include <openssl/bn.h>
# ifdef OPENSSL_HAS_ECC
@ -177,6 +176,14 @@ int sshbuf_put_u32(struct sshbuf *buf, u_int32_t val);
int sshbuf_put_u16(struct sshbuf *buf, u_int16_t val);
int sshbuf_put_u8(struct sshbuf *buf, u_char val);
#if defined(__FreeBSD__) && defined(__i386__)
#define sshbuf_get_time(b, vp) sshbuf_get_u32((b), (u_int32_t *)(vp))
#define sshbuf_put_time(b, v) sshbuf_put_u32((b), (u_int32_t)(v))
#else
#define sshbuf_get_time(b, vp) sshbuf_get_u64((b), (u_int64_t *)(vp))
#define sshbuf_put_time(b, v) sshbuf_put_u64((b), (u_int64_t)(v))
#endif
/*
* Functions to extract or store SSH wire encoded strings (u32 len || data)
* The "cstring" variants admit no \0 characters in the string contents.