nomachine + additional changes applied to openssh 7.1p1 source base

Author: arif-pragmasys

Makefile.in

@@ -59,7 +59,7 @@ LDFLAGS=-L. -Lopenbsd-compat/ -Lcontrib/win32/win32compat @LDFLAGS@
 EXEEXT=@EXEEXT@
 MANFMT=@MANFMT@
 
-TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT)
+TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT)
 
 LIBSSH_OBJS=acss.o authfd.o authfile.o bufaux.o bufbn.o buffer.o \
 	canohost.o channels.o cipher.o cipher-acss.o cipher-aes.o \

addrmatch.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: addrmatch.c,v 1.5 2010/02/26 20:29:54 djm Exp $ */
+/*	$OpenBSD: addrmatch.c,v 1.10 2015/07/08 19:04:21 markus Exp $ */
 
 /*
  * Copyright (c) 2004-2008 Damien Miller <[email protected]>
@@ -31,7 +31,6 @@
 
 #include "match.h"
 #include "log.h"
-#include "xmalloc.h"
 
 struct xaddr {
 	sa_family_t	af;
@@ -88,13 +87,13 @@ addr_sa_to_xaddr(struct sockaddr *sa, socklen_t slen, struct xaddr *xa)
 
 	switch (sa->sa_family) {
 	case AF_INET:
-		if (slen < sizeof(*in4))
+		if (slen < (socklen_t)sizeof(*in4))
 			return -1;
 		xa->af = AF_INET;
 		memcpy(&xa->v4, &in4->sin_addr, sizeof(xa->v4));
 		break;
 	case AF_INET6:
-		if (slen < sizeof(*in6))
+		if (slen < (socklen_t)sizeof(*in6))
 			return -1;
 		xa->af = AF_INET6;
 		memcpy(&xa->v6, &in6->sin6_addr, sizeof(xa->v6));
@@ -318,7 +317,7 @@ addr_pton_cidr(const char *p, struct xaddr *n, u_int *l)
 	char addrbuf[64], *mp, *cp;
 
 	/* Don't modify argument */
-	if (p == NULL || strlcpy(addrbuf, p, sizeof(addrbuf)) > sizeof(addrbuf))
+	if (p == NULL || strlcpy(addrbuf, p, sizeof(addrbuf)) >= sizeof(addrbuf))
 		return -1;
 
 	if ((mp = strchr(addrbuf, '/')) != NULL) {
@@ -420,7 +419,7 @@ addr_match_list(const char *addr, const char *_list)
 				goto foundit;
 		}
 	}
-	xfree(o);
+	free(o);
 
 	return ret;
 }
@@ -494,7 +493,7 @@ addr_match_cidr_list(const char *addr, const char *_list)
 			continue;
 		}
 	}
-	xfree(o);
+	free(o);
 
 	return ret;
 }

atomicio.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: atomicio.c,v 1.26 2010/09/22 22:58:51 djm Exp $ */
+/* $OpenBSD: atomicio.c,v 1.27 2015/01/16 06:40:12 deraadt Exp $ */
 /*
  * Copyright (c) 2006 Damien Miller. All rights reserved.
  * Copyright (c) 2005 Anil Madhavapeddy. All rights reserved.
@@ -41,6 +41,7 @@
 #endif
 #include <string.h>
 #include <unistd.h>
+#include <limits.h>
 
 #include "atomicio.h"
 
@@ -56,16 +57,20 @@ atomicio6(ssize_t (*f) (int, void *, size_t), int fd, void *_s, size_t n,
 	ssize_t res;
 	struct pollfd pfd;
 
+#ifndef BROKEN_READ_COMPARISON
 	pfd.fd = fd;
 	pfd.events = f == read ? POLLIN : POLLOUT;
+#endif
 	while (n > pos) {
 		res = (f) (fd, s + pos, n - pos);
 		switch (res) {
 		case -1:
 			if (errno == EINTR)
 				continue;
 			if (errno == EAGAIN || errno == EWOULDBLOCK) {
+#ifndef BROKEN_READ_COMPARISON
 				(void)poll(&pfd, 1, -1);
+#endif
 				continue;
 			}
 			return 0;

audit-bsm.c

@@ -1,4 +1,4 @@
-/* $Id: audit-bsm.c,v 1.7 2011/01/17 10:15:29 dtucker Exp $ */
+/* $Id: audit-bsm.c,v 1.8 2012/02/23 23:40:43 dtucker Exp $ */
 
 /*
  * TODO
@@ -55,6 +55,10 @@
 #include <string.h>
 #include <unistd.h>
 
+#ifdef BROKEN_BSM_API
+#include <libscf.h>
+#endif
+
 #include "ssh.h"
 #include "log.h"
 #include "key.h"
@@ -124,6 +128,12 @@ extern int	aug_daemon_session(void);
 extern Authctxt *the_authctxt;
 static AuditInfoTermID ssh_bsm_tid;
 
+#ifdef BROKEN_BSM_API
+/* For some reason this constant is no longer defined
+   in Solaris 11. */
+#define BSM_TEXTBUFSZ 256
+#endif
+
 /* Below is the low-level BSM interface code */
 
 /*
@@ -171,6 +181,65 @@ aug_get_machine(char *host, u_int32_t *addr, u_int32_t *type)
 }
 #endif
 
+#ifdef BROKEN_BSM_API
+/*
+  In Solaris 11 the audit daemon has been moved to SMF. In the process
+  they simply dropped getacna() from the API, since it read from a now
+  non-existent config file. This function re-implements getacna() to
+  read from the SMF repository instead.
+ */
+int
+getacna(char *auditstring, int len)
+{
+	scf_handle_t *handle = NULL;
+	scf_property_t *property = NULL;
+	scf_value_t *value = NULL;
+	int ret = 0;
+
+	handle = scf_handle_create(SCF_VERSION);
+	if (handle == NULL) 
+	        return -2; /* The man page for getacna on Solaris 10 states
+			      we should return -2 in case of error and set
+			      errno to indicate the error. We don't bother
+			      with errno here, though, since the only use
+			      of this function below doesn't check for errors
+			      anyway. 
+			   */
+
+	ret = scf_handle_bind(handle);
+	if (ret == -1) 
+	        return -2;
+
+	property = scf_property_create(handle);
+	if (property == NULL) 
+	        return -2;
+
+	ret = scf_handle_decode_fmri(handle, 
+	     "svc:/system/auditd:default/:properties/preselection/naflags",
+				     NULL, NULL, NULL, NULL, property, 0);
+	if (ret == -1) 
+	        return -2;
+
+	value = scf_value_create(handle);
+	if (value == NULL) 
+	        return -2;
+
+	ret = scf_property_get_value(property, value);
+	if (ret == -1) 
+	        return -2;
+
+	ret = scf_value_get_astring(value, auditstring, len);
+	if (ret == -1) 
+	        return -2;
+
+	scf_value_destroy(value);
+	scf_property_destroy(property);
+	scf_handle_destroy(handle);
+
+	return 0;
+}
+#endif
+
 /*
  * Check if the specified event is selected (enabled) for auditing.
  * Returns 1 if the event is selected, 0 if not and -1 on failure.
@@ -223,7 +292,15 @@ bsm_audit_record(int typ, char *string, au_event_t event_no)
 	(void) au_write(ad, au_to_text(string));
 	(void) au_write(ad, AUToReturnFunc(typ, rc));
 
+#ifdef BROKEN_BSM_API
+	/* The last argument is the event modifier flags. For
+	   some seemingly undocumented reason it was added in
+	   Solaris 11. */
+	rc = au_close(ad, AU_TO_WRITE, event_no, 0);
+#else
 	rc = au_close(ad, AU_TO_WRITE, event_no);
+#endif
+
 	if (rc < 0)
 		error("BSM audit: %s failed to write \"%s\" record: %s",
 		    __func__, string, strerror(errno));

auth-bsdauth.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: auth-bsdauth.c,v 1.11 2007/09/21 08:15:29 djm Exp $ */
+/* $OpenBSD: auth-bsdauth.c,v 1.13 2014/06/24 01:13:21 djm Exp $ */
 /*
  * Copyright (c) 2001 Markus Friedl.  All rights reserved.
  *
@@ -24,7 +24,6 @@
  */
 
 #include "includes.h"
-
 /*
  * We support only client side kerberos on Windows.
  */
@@ -35,6 +34,8 @@
 #endif
 
 #include <sys/types.h>
+#include <stdarg.h>
+#include <stdio.h>
 
 #include <stdarg.h>
 
@@ -63,6 +64,11 @@ bsdauth_query(void *ctx, char **name, char **infotxt,
 	Authctxt *authctxt = ctx;
 	char *challenge = NULL;
 
+	*infotxt = NULL;
+	*numprompts = 0;
+	*prompts = NULL;
+	*echo_on = NULL;
+
 	if (authctxt->as != NULL) {
 		debug2("bsdauth_query: try reuse session");
 		challenge = auth_getitem(authctxt->as, AUTHV_CHALLENGE);

auth-chall.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: auth-chall.c,v 1.12 2006/08/03 03:34:41 deraadt Exp $ */
+/* $OpenBSD: auth-chall.c,v 1.14 2014/06/24 01:13:21 djm Exp $ */
 /*
  * Copyright (c) 2001 Markus Friedl.  All rights reserved.
  *
@@ -26,14 +26,16 @@
 #include "includes.h"
 
 #include <sys/types.h>
-
 #include <stdarg.h>
+#include <stdlib.h>
+#include <stdio.h>
 
 #include "xmalloc.h"
 #include "key.h"
 #include "hostfile.h"
 #include "auth.h"
 #include "log.h"
+#include "misc.h"
 #include "servconf.h"
 
 /* limited protocol v1 interface to kbd-interactive authentication */
@@ -69,11 +71,11 @@ get_challenge(Authctxt *authctxt)
 		fatal("get_challenge: numprompts < 1");
 	challenge = xstrdup(prompts[0]);
 	for (i = 0; i < numprompts; i++)
-		xfree(prompts[i]);
-	xfree(prompts);
-	xfree(name);
-	xfree(echo_on);
-	xfree(info);
+		free(prompts[i]);
+	free(prompts);
+	free(name);
+	free(echo_on);
+	free(info);
 
 	return (challenge);
 }
@@ -102,11 +104,11 @@ verify_response(Authctxt *authctxt, const char *response)
 			authenticated = 1;
 
 		for (i = 0; i < numprompts; i++)
-			xfree(prompts[i]);
-		xfree(prompts);
-		xfree(name);
-		xfree(echo_on);
-		xfree(info);
+			free(prompts[i]);
+		free(prompts);
+		free(name);
+		free(echo_on);
+		free(info);
 		break;
 	}
 	device->free_ctx(authctxt->kbdintctxt);