Bugzilla – Attachment 3443 Details for
Bug 3205
Support HPE NonStop Server Port
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
Git diff for patches associated with the NonStop port
patches.log (text/plain), 48.11 KB, created by
Randall S. Becker
on 2020-08-31 00:48:13 AEST
(
hide
)
Description:
Git diff for patches associated with the NonStop port
Filename:
MIME Type:
Creator:
Randall S. Becker
Created:
2020-08-31 00:48:13 AEST
Size:
48.11 KB
patch
obsolete
>diff --git a/README_OSS b/README_OSS >new file mode 100644 >index 00000000..e32fbd7b >--- /dev/null >+++ b/README_OSS >@@ -0,0 +1,14 @@ >+# Port for NonStop OSS >+# Guesses >+ >+0. Merge the openssh tag with your branch. You know know how to do this. >+ >+1. Apply/merge configure.ac script changes (should be automatic from git). >+ This pulls in #ifdef __TANDEM for generated files. Check it. >+ >+2. Run: >+conf_script_floss_cc --without-openssl-header-check >+ >+3. Check configure to ensure that the #ifdef __TANDEM constructs are there. >+ >+ >diff --git a/audit-linux.c b/audit-linux.c >index 3fcbe5c5..4b523646 100644 >--- a/audit-linux.c >+++ b/audit-linux.c >@@ -61,7 +61,7 @@ linux_audit_record_event(int uid, const char *username, const char *hostname, > * Do not report error if the error is EPERM and sshd is run as non > * root user. > */ >- if ((rc == -EPERM) && (geteuid() != 0)) >+ if ((rc == -EPERM) && (geteuid() != SUPERUSER)) > rc = 0; > errno = saved_errno; > >diff --git a/auth-pam.c b/auth-pam.c >index 5a3ba09b..2725eb04 100644 >--- a/auth-pam.c >+++ b/auth-pam.c >@@ -294,7 +294,7 @@ sshpam_chauthtok_ruid(pam_handle_t *pamh, int flags) > if (setreuid(sshpam_authctxt->pw->pw_uid, -1) == -1) > fatal("%s: setreuid failed: %s", __func__, strerror(errno)); > result = pam_chauthtok(pamh, flags); >- if (setreuid(0, -1) == -1) >+ if (setreuid(SUPERUSER, -1) == -1) > fatal("%s: setreuid failed: %s", __func__, strerror(errno)); > return result; > } >@@ -899,7 +899,7 @@ sshpam_query(void *ctx, char **name, char **info, > } > if (type == PAM_SUCCESS) { > if (!sshpam_authctxt->valid || >- (sshpam_authctxt->pw->pw_uid == 0 && >+ (sshpam_authctxt->pw->pw_uid == SUPERUSER && > options.permit_root_login != PERMIT_YES)) > fatal("Internal error: PAM auth " > "succeeded when it should have " >@@ -979,7 +979,7 @@ sshpam_respond(void *ctx, u_int num, char **resp) > if ((buffer = sshbuf_new()) == NULL) > fatal("%s: sshbuf_new failed", __func__); > if (sshpam_authctxt->valid && >- (sshpam_authctxt->pw->pw_uid != 0 || >+ (sshpam_authctxt->pw->pw_uid != SUPERUSER || > options.permit_root_login == PERMIT_YES)) { > if ((r = sshbuf_put_cstring(buffer, *resp)) != 0) > fatal("%s: buffer error: %s", __func__, ssh_err(r)); >@@ -1341,7 +1341,7 @@ sshpam_auth_passwd(Authctxt *authctxt, const char *password) > * by PermitRootLogin, use an invalid password to prevent leaking > * information via timing (eg if the PAM config has a delay on fail). > */ >- if (!authctxt->valid || (authctxt->pw->pw_uid == 0 && >+ if (!authctxt->valid || (authctxt->pw->pw_uid == SUPERUSER && > options.permit_root_login != PERMIT_YES)) > sshpam_password = fake = fake_password(password); > >diff --git a/auth-passwd.c b/auth-passwd.c >index 24fcb67b..86428bac 100644 >--- a/auth-passwd.c >+++ b/auth-passwd.c >@@ -87,7 +87,7 @@ auth_password(struct ssh *ssh, const char *password) > return 0; > > #ifndef HAVE_CYGWIN >- if (pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES) >+ if (pw->pw_uid == SUPERUSER && options.permit_root_login != PERMIT_YES) > ok = 0; > #endif > if (*password == '\0' && options.permit_empty_passwd == 0) >diff --git a/auth-rhosts.c b/auth-rhosts.c >index e81321b4..d460a8ca 100644 >--- a/auth-rhosts.c >+++ b/auth-rhosts.c >@@ -231,7 +231,7 @@ auth_rhosts2(struct passwd *pw, const char *client_user, const char *hostname, > * If not logging in as superuser, try /etc/hosts.equiv and > * shosts.equiv. > */ >- if (pw->pw_uid == 0) >+ if (pw->pw_uid == SUPERUSER) > debug3("%s: root user, ignoring system hosts files", __func__); > else { > if (check_rhosts_file(_PATH_RHOSTS_EQUIV, hostname, ipaddr, >@@ -260,7 +260,7 @@ auth_rhosts2(struct passwd *pw, const char *client_user, const char *hostname, > return 0; > } > if (options.strict_modes && >- ((st.st_uid != 0 && st.st_uid != pw->pw_uid) || >+ ((st.st_uid != SUPERUSER && st.st_uid != pw->pw_uid) || > (st.st_mode & 022) != 0)) { > logit("Rhosts authentication refused for %.100s: " > "bad ownership or modes for home directory.", pw->pw_name); >@@ -287,7 +287,7 @@ auth_rhosts2(struct passwd *pw, const char *client_user, const char *hostname, > * allowing access to their account by anyone. > */ > if (options.strict_modes && >- ((st.st_uid != 0 && st.st_uid != pw->pw_uid) || >+ ((st.st_uid != SUPERUSER && st.st_uid != pw->pw_uid) || > (st.st_mode & 022) != 0)) { > logit("Rhosts authentication refused for %.100s: bad modes for %.200s", > pw->pw_name, buf); >diff --git a/auth-sia.c b/auth-sia.c >index ebe9d8d1..06c7aae8 100644 >--- a/auth-sia.c >+++ b/auth-sia.c >@@ -108,7 +108,7 @@ session_setup_sia(struct passwd *pw, char *tty) > > sia_ses_release(&ent); > >- setuid(0); >+ setuid(SUPERUSER); > permanently_set_uid(pw); > } > >diff --git a/auth.c b/auth.c >index 086b8ebb..cee944c5 100644 >--- a/auth.c >+++ b/auth.c >@@ -473,7 +473,7 @@ check_key_in_hostfiles(struct passwd *pw, struct sshkey *key, const char *host, > user_hostfile = tilde_expand_filename(userfile, pw->pw_uid); > if (options.strict_modes && > (stat(user_hostfile, &st) == 0) && >- ((st.st_uid != 0 && st.st_uid != pw->pw_uid) || >+ ((st.st_uid != SUPERUSER && st.st_uid != pw->pw_uid) || > (st.st_mode & 022) != 0)) { > logit("Authentication refused for %.100s: " > "bad owner or modes for %.200s", >diff --git a/auth2.c b/auth2.c >index 91aaf34a..85344eb4 100644 >--- a/auth2.c >+++ b/auth2.c >@@ -363,7 +363,7 @@ userauth_finish(struct ssh *ssh, int authenticated, const char *method, > fatal("INTERNAL ERROR: authenticated and postponed"); > > /* Special handling for root */ >- if (authenticated && authctxt->pw->pw_uid == 0 && >+ if (authenticated && authctxt->pw->pw_uid == SUPERUSER && > !auth_root_allowed(ssh, method)) { > authenticated = 0; > #ifdef SSH_AUDIT_EVENTS >diff --git a/channels.c b/channels.c >index 95a51e21..df8b98e4 100644 >--- a/channels.c >+++ b/channels.c >@@ -41,6 +41,9 @@ > > #include "includes.h" > >+#ifdef __TANDEM >+#include <floss.h(floss_write,floss_read)> >+#endif > #include <sys/types.h> > #include <sys/stat.h> > #include <sys/ioctl.h> >@@ -2335,7 +2338,7 @@ channel_post_mux_listener(struct ssh *ssh, Channel *c, > close(newsock); > return; > } >- if ((euid != 0) && (getuid() != euid)) { >+ if ((euid != SUPERUSER) && (getuid() != euid)) { > error("multiplex uid mismatch: peer euid %u != uid %u", > (u_int)euid, (u_int)getuid()); > close(newsock); >diff --git a/clientloop.c b/clientloop.c >index da396c72..d364b6fb 100644 >--- a/clientloop.c >+++ b/clientloop.c >@@ -61,6 +61,11 @@ > > #include "includes.h" > >+#ifdef __TANDEM >+#include <floss.h(floss_write,floss_read)> >+#endif >+ >+#include <sys/param.h> /* MIN MAX */ > #include <sys/types.h> > #include <sys/ioctl.h> > #ifdef HAVE_SYS_STAT_H >@@ -1777,6 +1782,8 @@ client_input_channel_req(int type, u_int32_t seq, struct ssh *ssh) > /* Record exit value of local session */ > success = 1; > exit_status = exitval; >+ debug("%s: exit-status set to %d at %d", >+ __func__, exit_status, __LINE__ ); > } else { > /* Probably for a mux channel that has already closed */ > debug("%s: no sink for exit-status on channel %d", >@@ -1935,7 +1942,7 @@ update_known_hosts(struct hostkeys_update_ctx *ctx) > options.update_hostkeys = 0; > break; > } else { >- do_log2(loglevel, "Please enter " >+ do_log2((LogLevel)loglevel, "Please enter " > "\"yes\" or \"no\""); > } > } >diff --git a/config.sub b/config.sub >index 973a2980..4de88efb 100755 >--- a/config.sub >+++ b/config.sub >@@ -834,6 +834,19 @@ case $basic_machine in > np1) > cpu=np1 > vendor=gould >+ basic_machine=np1-gould >+ ;; >+ neo-tandem) >+ basic_machine=neo-tandem >+ ;; >+ nse-tandem-*) >+ basic_machine=nse-tandem >+ ;; >+ nsx-tandem-*) >+ basic_machine=nsx-tandem >+ ;; >+ nsr-tandem) >+ basic_machine=nsr-tandem > ;; > op50n-* | op60c-*) > cpu=hppa1.1 >diff --git a/configure.ac b/configure.ac >index 46038375..7181e934 100644 >--- a/configure.ac >+++ b/configure.ac >@@ -1233,7 +1233,7 @@ EOD > esac > > AC_MSG_CHECKING([compiler and flags for sanity]) >-AC_RUN_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], [[ exit(0); ]])], >+AC_RUN_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], [[ #include <stdlib.h> ]], [[ exit(0); ]])], > [ AC_MSG_RESULT([yes]) ], > [ > AC_MSG_RESULT([no]) >@@ -4052,7 +4052,11 @@ fi > AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [ > AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ > #include <sys/types.h> >+#ifdef __TANDEM >+#include <netinet/in6.h> >+#else > #include <netinet/in.h> >+#endif > ]], [[ struct sockaddr_in6 s; s.sin6_family = 0; ]])], > [ ac_cv_have_struct_sockaddr_in6="yes" ], > [ ac_cv_have_struct_sockaddr_in6="no" >@@ -4066,7 +4070,11 @@ fi > AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [ > AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ > #include <sys/types.h> >+#ifdef __TANDEM >+#include <netinet/in6.h> >+#else > #include <netinet/in.h> >+#endif > ]], [[ struct in6_addr s; s.s6_addr[0] = 0; ]])], > [ ac_cv_have_struct_in6_addr="yes" ], > [ ac_cv_have_struct_in6_addr="no" >@@ -4082,7 +4090,11 @@ dnl Now check for sin6_scope_id > #ifdef HAVE_SYS_TYPES_H > #include <sys/types.h> > #endif >+#ifdef __TANDEM >+#include <netinet/in6.h> >+#else > #include <netinet/in.h> >+#endif > ]) > fi > >diff --git a/defines.h b/defines.h >index b8ea88b2..166a4313 100644 >--- a/defines.h >+++ b/defines.h >@@ -409,9 +409,12 @@ struct winsize { > #endif > > /* bits needed for select that may not be in the system headers */ >+#ifndef __TANDEM >+/* configure gets this wrong */ > #ifndef HAVE_FD_MASK > typedef unsigned long int fd_mask; > #endif >+#endif > > #if defined(HAVE_DECL_NFDBITS) && HAVE_DECL_NFDBITS == 0 > # define NFDBITS (8 * sizeof(unsigned long)) >diff --git a/hostfile.c b/hostfile.c >index a4a35597..180a334c 100644 >--- a/hostfile.c >+++ b/hostfile.c >@@ -213,7 +213,7 @@ check_markers(char **cpp) > ; > } > *cpp = cp; >- return ret; >+ return (HostkeyMarker)ret; > } > > struct hostkeys * >@@ -258,7 +258,7 @@ record_hostkey(struct hostkey_foreach_line *l, void *_ctx) > hostkeys->entries[hostkeys->num_entries].line = l->linenum; > hostkeys->entries[hostkeys->num_entries].key = l->key; > l->key = NULL; /* steal it */ >- hostkeys->entries[hostkeys->num_entries].marker = l->marker; >+ hostkeys->entries[hostkeys->num_entries].marker = (HostkeyMarker)l->marker; > hostkeys->num_entries++; > ctx->num_loaded++; > >@@ -501,7 +501,7 @@ host_delete(struct hostkey_foreach_line *l, void *_ctx) > * Hostname matches and has no CA/revoke marker, delete it > * by *not* writing the line to ctx->out. > */ >- do_log2(loglevel, "%s%s%s:%ld: Removed %s key for host %s", >+ do_log2((LogLevel)loglevel, "%s%s%s:%ld: Removed %s key for host %s", > ctx->quiet ? __func__ : "", ctx->quiet ? ": " : "", > l->path, l->linenum, sshkey_type(l->key), ctx->host); > ctx->modified = 1; >@@ -509,7 +509,7 @@ host_delete(struct hostkey_foreach_line *l, void *_ctx) > } > /* Retain non-matching hosts and invalid lines when deleting */ > if (l->status == HKF_STATUS_INVALID) { >- do_log2(loglevel, "%s%s%s:%ld: invalid known_hosts entry", >+ do_log2((LogLevel)loglevel, "%s%s%s:%ld: invalid known_hosts entry", > ctx->quiet ? __func__ : "", ctx->quiet ? ": " : "", > l->path, l->linenum); > } >@@ -579,7 +579,7 @@ hostfile_replace_entries(const char *filename, const char *host, const char *ip, > r = SSH_ERR_ALLOC_FAIL; > goto fail; > } >- do_log2(loglevel, "%s%sAdding new key for %s to %s: %s %s", >+ do_log2((LogLevel)loglevel, "%s%sAdding new key for %s to %s: %s %s", > quiet ? __func__ : "", quiet ? ": " : "", host, filename, > sshkey_ssh_name(keys[i]), fp); > free(fp); >diff --git a/includes.h b/includes.h >index 0fd71792..943b249e 100644 >--- a/includes.h >+++ b/includes.h >@@ -110,6 +110,60 @@ > #endif > > #include <netinet/in.h> >+#ifdef __TANDEM >+# include <netinet/in6.h> >+/* while we're at it... */ >+# include <fcntl.h> >+# include <sys/time.h> /* struct timeval */ >+/*# include <floss.h(floss_utimes)>*/ /* scp.c, sftp-server.c */ >+# define MISSING_NFDBITS 1 /* not detected by configure */ >+# define MISSING_FD_MASK 1 /* not detected by configure */ >+typedef long fd_mask; /* Not supplied anymore */ >+# define __timespec_DEFINED /* Hack? */ >+#if 0 >+ extern const void * EVP_sha256(void); /* Hack? Needed by schnorr.c, OpenSSL issue? */ >+#endif >+# undef HAVE__RES_EXTERN /* misdetected by configure? */ >+# define DISABLE_UTMPX /* might be done via ./configure --enable-utmpx=no ? */ >+ >+/* SI_WRITE is obsolete, but still used in scp.c, sftp-client.c */ >+# define S_IWRITE S_IWUSR >+ >+/* atomicio.c, auth2.c, authfd.c, channels.c, clientloop.c , monitor.c, monitor_wrap.c, msg.c, mux.c, openbsd-compat/readpassphrase.c, readpass.c, roaming_common.c, roaming_dummy.c, scp.c, serverloop.c, sftp-client.c, sftp-server.c, ssh-agent.c, ssh-keyscan.c, ssh-pkcs11-client.c, ssh-pkcs11-helper.c, sshconnect.c, sshd.c */ >+# include <floss.h(floss_read)> >+/* atomicio.c */ >+# include <floss.h(floss_readv)> >+/* authfd.c, authfile.c, channel.c, clientloop.c, log.c, monitor_wrapxp.c, msg.c, mux.c, openbsd-compat/readpassphrase.c, progressmeter.c, roaming_common.c, roaming_dummy.c, scp.c, serverloop.c, sftp-client.c, sftp-server.c, sftp.c, ssh-agent.c, ssh-keyscan.c, ssh-pkcs11-client.c, ssh-pkcs11-helper.c, sshconnect.c, sshd.c */ >+# include <floss.h(floss_write)> >+/* sftp-client.c */ >+# include <floss.h(floss_writev)> >+/* clientloop.c, openbsd-compat/daemon.c, readpass.c. scp.c, ssh-pkcs11-client.c, ssh.c, sshconnect.c */ >+# include <floss.h(floss_fsync)> >+/* sftp-client.c, sftp-server.c */ >+# include <floss.h(floss_fork)> >+/* clientloop.c, openbsd-compat/bsd-misc.c, openbsd-compat/bsd-poll.c, serverloop.c, session.c, sftp-server.c, sftp.c, ssh-agent.c, ssh-agent.c, ssh-keyscan.c, ssh-pkcs11-helper.c, sshconnect.c, sshconnect2.c, sshd.c */ >+# include <floss.h(floss_getpwuid)> >+/* readpass.c, scp.c, ssh-pkcs11-client.c */ >+# include <floss.h(floss_execlp)> >+/* session.c, sftp.c, sshconnect.c, sshconnect2.c */ >+# include <floss.h(floss_execl)> >+/* session.c */ >+# include <floss.h(floss_execve)> >+/* sftp.c, ssh-agent.c */ >+# include <floss.h(floss_execvp)> >+/* sshconnect.c, sshd.c */ >+# include <floss.h(floss_execv)> >+/* ssh.c, uidswap.c, sshconnect.c */ >+# include <floss.h(floss_seteuid,)> >+/* uidswap.c */ >+# include <floss.h(floss_setreuid)> >+/* auth1.c, channels.c, loginrec.c, plattform.c, session.c, sshd.c */ >+# define SUPERUSER 65535 >+# define NSIG (SIGABEND+1) >+#else >+# define SUPERUSER 0 >+#endif /* __TANDEM */ >+ > #include <netinet/in_systm.h> /* For typedefs */ > #ifdef HAVE_RPC_TYPES_H > # include <rpc/types.h> /* For INADDR_LOOPBACK */ >diff --git a/loginrec.c b/loginrec.c >index e5289deb..c8234dc6 100644 >--- a/loginrec.c >+++ b/loginrec.c >@@ -439,7 +439,7 @@ int > login_write(struct logininfo *li) > { > #ifndef HAVE_CYGWIN >- if (geteuid() != 0) { >+ if (geteuid() != SUPERUSER) { > logit("Attempt to write login records by non-root user (aborting)"); > return (1); > } >@@ -1667,7 +1667,7 @@ record_failed_login(struct ssh *ssh, const char *username, const char *hostname, > time_t t; > struct stat fst; > >- if (geteuid() != 0) >+ if (geteuid() != SUPERUSER) > return; > if ((fd = open(_PATH_BTMP, O_WRONLY | O_APPEND)) < 0) { > debug("Unable to open the btmp file %s: %s", _PATH_BTMP, >@@ -1679,7 +1679,7 @@ record_failed_login(struct ssh *ssh, const char *username, const char *hostname, > strerror(errno)); > goto out; > } >- if((fst.st_mode & (S_IXGRP | S_IRWXO)) || (fst.st_uid != 0)){ >+ if((fst.st_mode & (S_IXGRP | S_IRWXO)) || (fst.st_uid != SUPERUSER)){ > logit("Excess permission or bad ownership on file %s", > _PATH_BTMP); > goto out; >diff --git a/logintest.c b/logintest.c >index 4897ae0f..31ad3c25 100644 >--- a/logintest.c >+++ b/logintest.c >@@ -125,7 +125,7 @@ testAPI() > if (be_verbose) > dump_logininfo(li1, "li1"); > >- if ((int)geteuid() != 0) { >+ if ((int)geteuid() != SUPERUSER) { > printf("NOT RUNNING LOGIN TESTS - you are not root!\n"); > return 1; > } >diff --git a/monitor.c b/monitor.c >index b6e855d5..74b51aa9 100644 >--- a/monitor.c >+++ b/monitor.c >@@ -221,7 +221,7 @@ struct mon_table mon_dispatch_proto20[] = { > {MONITOR_REQ_GSSUSEROK, MON_ONCE|MON_AUTHDECIDE, mm_answer_gss_userok}, > {MONITOR_REQ_GSSCHECKMIC, MON_ONCE, mm_answer_gss_checkmic}, > #endif >- {0, 0, NULL} >+ {(enum monitor_reqtype)0, 0, NULL} > }; > > struct mon_table mon_dispatch_postauth20[] = { >@@ -236,7 +236,7 @@ struct mon_table mon_dispatch_postauth20[] = { > {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event}, > {MONITOR_REQ_AUDIT_COMMAND, MON_PERMIT, mm_answer_audit_command}, > #endif >- {0, 0, NULL} >+ {(enum monitor_reqtype)0, 0, NULL} > }; > > struct mon_table *mon_dispatch; >@@ -320,7 +320,7 @@ monitor_child_preauth(struct ssh *ssh, struct monitor *pmonitor) > if (!(ent->flags & MON_AUTHDECIDE)) > fatal("%s: unexpected authentication from %d", > __func__, ent->type); >- if (authctxt->pw->pw_uid == 0 && >+ if (authctxt->pw->pw_uid == SUPERUSER && > !auth_root_allowed(ssh, auth_method)) > authenticated = 0; > #ifdef USE_PAM >@@ -460,7 +460,7 @@ monitor_read_log(struct monitor *pmonitor) > if (log_level_name(level) == NULL) > fatal("%s: invalid log level %u (corrupted message?)", > __func__, level); >- do_log2(level, "%s [preauth]", msg); >+ do_log2((LogLevel)level, "%s [preauth]", msg); > > sshbuf_free(logmsg); > free(msg); >diff --git a/mux.c b/mux.c >index fb31ad44..04024225 100644 >--- a/mux.c >+++ b/mux.c >@@ -19,6 +19,10 @@ > > #include "includes.h" > >+#ifdef __TANDEM >+#include <floss.h(floss_write,floss_read)> >+#endif >+ > #include <sys/types.h> > #include <sys/stat.h> > #include <sys/socket.h> >@@ -2400,3 +2404,4 @@ muxclient(const char *path) > fatal("unrecognised muxclient_command %d", muxclient_command); > } > } >+ >diff --git a/openbsd-compat/bsd-misc.c b/openbsd-compat/bsd-misc.c >index 059b6d3b..f6c3e110 100644 >--- a/openbsd-compat/bsd-misc.c >+++ b/openbsd-compat/bsd-misc.c >@@ -143,7 +143,7 @@ utimensat(int fd, const char *path, const struct timespec times[2], > return -1; > } > # ifndef HAVE_FUTIMES >- return utimes(path, tv); >+ return utimes((char *)path, tv); > # else > # ifdef O_NOFOLLOW > if (flag & AT_SYMLINK_NOFOLLOW) >diff --git a/openbsd-compat/bsd-misc.h b/openbsd-compat/bsd-misc.h >index 3a7dd6f4..d5b3566e 100644 >--- a/openbsd-compat/bsd-misc.h >+++ b/openbsd-compat/bsd-misc.h >@@ -178,6 +178,7 @@ int flock(int, int); > > #ifdef FFLUSH_NULL_BUG > # define fflush(x) (_ssh_compat_fflush(x)) >+int _ssh_compat_fflush(FILE *x); > #endif > > #ifndef HAVE_LOCALTIME_R >diff --git a/openbsd-compat/bsd-waitpid.c b/openbsd-compat/bsd-waitpid.c >index 113fb1ea..00ef81cd 100644 >--- a/openbsd-compat/bsd-waitpid.c >+++ b/openbsd-compat/bsd-waitpid.c >@@ -47,7 +47,8 @@ waitpid(int pid, int *stat_loc, int options) > if (stat_loc) > *stat_loc = (int) statusp.w_status; > >- return (wait_pid); >+ debug3("%s: got back pid %d", __func__, wait_pid); >+ return (wait_pid); > } > > #endif /* !HAVE_WAITPID */ >diff --git a/openbsd-compat/getrrsetbyname.c b/openbsd-compat/getrrsetbyname.c >index dc6fe053..0163ca08 100644 >--- a/openbsd-compat/getrrsetbyname.c >+++ b/openbsd-compat/getrrsetbyname.c >@@ -115,7 +115,11 @@ struct __res_state _res; > > #ifndef HAVE__GETSHORT > static u_int16_t >+#ifdef __TANDEM /* workaround for nasty bug on NonStop */ >+__getshort(msgp) >+#else > _getshort(msgp) >+#endif > register const u_char *msgp; > { > register u_int16_t u; >@@ -126,10 +130,17 @@ _getshort(msgp) > #elif defined(HAVE_DECL__GETSHORT) && (HAVE_DECL__GETSHORT == 0) > u_int16_t _getshort(register const u_char *); > #endif >+#ifdef __TANDEM /* workaround for nasty bug on NonStop */ >+# define _getshort __getshort >+#endif > > #ifndef HAVE__GETLONG > static u_int32_t >+#ifdef __TANDEM /* workaround for nasty bug on NonStop */ >+__getlong(msgp) >+#else > _getlong(msgp) >+#endif > register const u_char *msgp; > { > register u_int32_t u; >@@ -140,6 +151,9 @@ _getlong(msgp) > #elif defined(HAVE_DECL__GETLONG) && (HAVE_DECL__GETLONG == 0) > u_int32_t _getlong(register const u_char *); > #endif >+#ifdef __TANDEM /* workaround for nasty bug on NonStop */ >+# define _getlong __getlong >+#endif > > /* ************** */ > >@@ -465,7 +479,11 @@ parse_dns_qsection(const u_char *answer, int size, const u_char **cp, int count) > prev->next = curr; > > /* name */ >+#ifdef __TANDEM >+ length = dn_expand((u_char *)answer, (u_char *)(answer + size), (u_char *)*cp, (u_char *)name, >+#else > length = dn_expand(answer, answer + size, *cp, name, >+#endif > sizeof(name)); > if (length < 0) { > free_dns_query(head); >@@ -512,7 +530,11 @@ parse_dns_rrsection(const u_char *answer, int size, const u_char **cp, > prev->next = curr; > > /* name */ >+#ifdef __TANDEM >+ length = dn_expand((u_char *)answer, (u_char *)(answer + size), (u_char *)*cp, (u_char *)name, >+#else > length = dn_expand(answer, answer + size, *cp, name, >+#endif > sizeof(name)); > if (length < 0) { > free_dns_rr(head); >diff --git a/openbsd-compat/glob.c b/openbsd-compat/glob.c >index e8915178..27232935 100644 >--- a/openbsd-compat/glob.c >+++ b/openbsd-compat/glob.c >@@ -177,6 +177,8 @@ static int match(Char *, Char *, Char *); > #ifdef DEBUG > static void qprintf(const char *, Char *); > #endif >+size_t strnlen(const char *str, size_t maxlen); >+ > > int > glob(const char *pattern, int flags, int (*errfunc)(const char *, int), >diff --git a/openbsd-compat/port-aix.c b/openbsd-compat/port-aix.c >index e0d3eba5..f5e5e09d 100644 >--- a/openbsd-compat/port-aix.c >+++ b/openbsd-compat/port-aix.c >@@ -249,7 +249,7 @@ sys_auth_allowed_user(struct passwd *pw, struct sshbuf *loginmsg) > * logins via ssh) or if running as non-root user (since > * loginrestrictions will always fail due to insufficient privilege). > */ >- if (pw->pw_uid == 0 || geteuid() != 0) { >+ if (pw->pw_uid == SUPERUSER || geteuid() != SUPERUSER) { > debug3("%s: not checking", __func__); > return 1; > } >@@ -316,7 +316,7 @@ void > record_failed_login(struct ssh *ssh, const char *user, const char *hostname, > const char *ttyname) > { >- if (geteuid() != 0) >+ if (geteuid() != SUPERUSER) > return; > > aix_setauthdb(user); >diff --git a/packet.c b/packet.c >index e7abb341..a0b7b758 100644 >--- a/packet.c >+++ b/packet.c >@@ -39,6 +39,11 @@ > > #include "includes.h" > >+#ifdef __TANDEM >+#include <floss.h(floss_write,floss_read)> >+#endif >+ >+#include <sys/param.h> /* MIN roundup */ > #include <sys/types.h> > #include "openbsd-compat/sys-queue.h" > #include <sys/socket.h> >diff --git a/platform-misc.c b/platform-misc.c >index 3f396704..54f56fb5 100644 >--- a/platform-misc.c >+++ b/platform-misc.c >@@ -25,7 +25,7 @@ > int > platform_sys_dir_uid(uid_t uid) > { >- if (uid == 0) >+ if (uid == SUPERUSER) > return 1; > #ifdef PLATFORM_SYS_DIR_UID > if (uid == PLATFORM_SYS_DIR_UID) >diff --git a/platform.c b/platform.c >index 44ba71dc..92ee5005 100644 >--- a/platform.c >+++ b/platform.c >@@ -86,7 +86,7 @@ platform_privileged_uidswap(void) > /* uid 0 is not special on Cygwin so always try */ > return 1; > #else >- return (getuid() == 0 || geteuid() == 0); >+ return (getuid() == SUPERUSER || geteuid() == SUPERUSER); > #endif > } > >@@ -108,12 +108,12 @@ platform_setusercontext(struct passwd *pw) > * we are using PAM in which case it is the responsibility of the > * PAM stack. > */ >- if (!options.use_pam && (getuid() == 0 || geteuid() == 0)) >+ if (!options.use_pam && (getuid() == SUPERUSER || geteuid() == SUPERUSER)) > solaris_set_default_project(pw); > #endif > > #if defined(HAVE_LOGIN_CAP) && defined (__bsdi__) >- if (getuid() == 0 || geteuid() == 0) >+ if (getuid() == SUPERUSER || geteuid() == SUPERUSER) > setpgid(0, 0); > # endif > >@@ -122,7 +122,7 @@ platform_setusercontext(struct passwd *pw) > * If we have both LOGIN_CAP and PAM, we want to establish creds > * before calling setusercontext (in session.c:do_setusercontext). > */ >- if (getuid() == 0 || geteuid() == 0) { >+ if (getuid() == SUPERUSER || geteuid() == SUPERUSER) { > if (options.use_pam) { > do_pam_setcred(use_privsep); > } >@@ -130,8 +130,9 @@ platform_setusercontext(struct passwd *pw) > # endif /* USE_PAM */ > > #if !defined(HAVE_LOGIN_CAP) && defined(HAVE_GETLUID) && defined(HAVE_SETLUID) >- if (getuid() == 0 || geteuid() == 0) { >+ if (getuid() == SUPERUSER || geteuid() == SUPERUSER) { > /* Sets login uid for accounting */ >+ /* Not supported on NonStop */ > if (getluid() == -1 && setluid(pw->pw_uid) == -1) > error("setluid: %s", strerror(errno)); > } >diff --git a/readconf.c b/readconf.c >index 2afcbaec..1ba161c9 100644 >--- a/readconf.c >+++ b/readconf.c >@@ -1873,7 +1873,7 @@ read_config_file_depth(const char *filename, struct passwd *pw, > > if (fstat(fileno(f), &sb) == -1) > fatal("fstat %s: %s", filename, strerror(errno)); >- if (((sb.st_uid != 0 && sb.st_uid != getuid()) || >+ if (((sb.st_uid != SUPERUSER && sb.st_uid != getuid()) || > (sb.st_mode & 022) != 0)) > fatal("Bad owner or permissions on %s", filename); > } >diff --git a/readpass.c b/readpass.c >index 974d67f0..8dcd279a 100644 >--- a/readpass.c >+++ b/readpass.c >@@ -25,6 +25,10 @@ > > #include "includes.h" > >+#ifdef __TANDEM >+#include <floss.h(floss_write,floss_read)> >+#endif >+ > #include <sys/types.h> > #include <sys/wait.h> > >diff --git a/regress/banner.sh b/regress/banner.sh >index 0d9654fe..22c94bf7 100644 >--- a/regress/banner.sh >+++ b/regress/banner.sh >@@ -13,7 +13,8 @@ verbose "test $tid: missing banner file" > cmp $OBJ/empty.in $OBJ/banner.out ) || \ > fail "missing banner file" > >-for s in 0 10 100 1000 10000 100000 ; do >+#for s in 0 10 100 1000 10000 100000 ; do >+for s in 0 10 100 1000 10000 ; do > if [ "$s" = "0" ]; then > # create empty banner > touch $OBJ/banner.in >@@ -42,3 +43,5 @@ verbose "test $tid: suppress banner (-q)" > fail "suppress banner (-q)" > > rm -f $OBJ/banner.out $OBJ/banner.in $OBJ/empty.in >+ >+ >diff --git a/regress/check-perm.c b/regress/check-perm.c >index dac307d2..c7ff2f52 100644 >--- a/regress/check-perm.c >+++ b/regress/check-perm.c >@@ -61,7 +61,7 @@ safely_chroot(const char *path, uid_t uid) > if (stat(component, &st) != 0) > fatal("%s: stat(\"%s\"): %s", __func__, > component, strerror(errno)); >- if (st.st_uid != 0 || (st.st_mode & 022) != 0) >+ if (st.st_uid != SUPERUSER || (st.st_mode & 022) != 0) > fatal("bad ownership or modes for chroot " > "directory %s\"%s\"", > cp == NULL ? "" : "component ", component); >@@ -80,7 +80,7 @@ safely_chroot(const char *path, uid_t uid) > int > platform_sys_dir_uid(uid_t uid) > { >- if (uid == 0) >+ if (uid == SUPERUSER) > return 1; > #ifdef PLATFORM_SYS_DIR_UID > if (uid == PLATFORM_SYS_DIR_UID) >diff --git a/regress/multiplex.sh b/regress/multiplex.sh >index 817ddbfa..3976773b 100644 >--- a/regress/multiplex.sh >+++ b/regress/multiplex.sh >@@ -11,6 +11,10 @@ if config_defined DISABLE_FD_PASSING ; then > echo "skipped (not supported on this platform)" > exit 0 > fi >+if [ `uname` = "NONSTOP_KERNEL" ]; then >+ echo "skipped (not yet ported on NONSTOP)" >+ exit 0 >+fi > > P=3301 # test port > >@@ -52,13 +56,13 @@ rm -f ${COPY} > trace "ssh transfer over multiplexed connection and check result" > ${SSH} -F $OBJ/ssh_config -S$CTL otherhost cat ${DATA} > ${COPY} > test -f ${COPY} || fail "ssh -Sctl: failed copy ${DATA}" >-cmp ${DATA} ${COPY} || fail "ssh -Sctl: corrupted copy of ${DATA}" >+diff ${DATA} ${COPY} || fail "ssh -Sctl: corrupted copy of ${DATA}" > > rm -f ${COPY} > trace "ssh transfer over multiplexed connection and check result" > ${SSH} -F $OBJ/ssh_config -S $CTL otherhost cat ${DATA} > ${COPY} > test -f ${COPY} || fail "ssh -S ctl: failed copy ${DATA}" >-cmp ${DATA} ${COPY} || fail "ssh -S ctl: corrupted copy of ${DATA}" >+diff ${DATA} ${COPY} || fail "ssh -S ctl: corrupted copy of ${DATA}" > > rm -f ${COPY} > trace "sftp transfer over multiplexed connection and check result" >diff --git a/regress/netcat.c b/regress/netcat.c >index fe94dd90..a0151378 100644 >--- a/regress/netcat.c >+++ b/regress/netcat.c >@@ -39,6 +39,9 @@ > #include <sys/uio.h> > #include <sys/un.h> > >+#if defined (__TANDEM) >+#include <arpa/inet.h> >+#endif > #include <netinet/in.h> > #include <netinet/tcp.h> > #include <netinet/ip.h> >@@ -845,21 +848,30 @@ readwrite(int net_fd) > > /* treat socket error conditions */ > for (n = 0; n < 4; n++) { >+#if defined (__TANDEM) >+ if (pfd[n].revents & (POLLERR)) { >+#else > if (pfd[n].revents & (POLLERR|POLLNVAL)) { >+#endif > pfd[n].fd = -1; > } > } > /* reading is possible after HUP */ > if (pfd[POLL_STDIN].events & POLLIN && >+#if ! defined (__TANDEM) > pfd[POLL_STDIN].revents & POLLHUP && >+#endif > ! (pfd[POLL_STDIN].revents & POLLIN)) > pfd[POLL_STDIN].fd = -1; > > if (pfd[POLL_NETIN].events & POLLIN && >+#if ! defined (__TANDEM) > pfd[POLL_NETIN].revents & POLLHUP && >+#endif > ! (pfd[POLL_NETIN].revents & POLLIN)) > pfd[POLL_NETIN].fd = -1; > >+#if ! defined (__TANDEM) > if (pfd[POLL_NETOUT].revents & POLLHUP) { > if (Nflag) > shutdown(pfd[POLL_NETOUT].fd, SHUT_WR); >@@ -868,6 +880,7 @@ readwrite(int net_fd) > /* if HUP, stop watching stdout */ > if (pfd[POLL_STDOUT].revents & POLLHUP) > pfd[POLL_STDOUT].fd = -1; >+#endif > /* if no net out, stop watching stdin */ > if (pfd[POLL_NETOUT].fd == -1) > pfd[POLL_STDIN].fd = -1; >@@ -1224,7 +1237,9 @@ map_tos(char *s, int *val) > { "af41", IPTOS_DSCP_AF41 }, > { "af42", IPTOS_DSCP_AF42 }, > { "af43", IPTOS_DSCP_AF43 }, >+#if ! defined (__TANDEM) > { "critical", IPTOS_PREC_CRITIC_ECP }, >+#endif > { "cs0", IPTOS_DSCP_CS0 }, > { "cs1", IPTOS_DSCP_CS1 }, > { "cs2", IPTOS_DSCP_CS2 }, >@@ -1234,9 +1249,13 @@ map_tos(char *s, int *val) > { "cs6", IPTOS_DSCP_CS6 }, > { "cs7", IPTOS_DSCP_CS7 }, > { "ef", IPTOS_DSCP_EF }, >+#if ! defined (__TANDEM) > { "inetcontrol", IPTOS_PREC_INTERNETCONTROL }, >+#endif > { "lowdelay", IPTOS_LOWDELAY }, >+#if ! defined (__TANDEM) > { "netcontrol", IPTOS_PREC_NETCONTROL }, >+#endif > { "reliability", IPTOS_RELIABILITY }, > { "throughput", IPTOS_THROUGHPUT }, > { NULL, -1 }, >diff --git a/regress/rekey.sh b/regress/rekey.sh >index fd6a02cc..3e53d368 100644 >--- a/regress/rekey.sh >+++ b/regress/rekey.sh >@@ -62,7 +62,9 @@ if ${SSH} -Q cipher-auth | grep '^.*$' >/dev/null 2>&1 ; then > done > fi > >-for s in 16 1k 128k 256k; do >+# RSB: 16 takes too long to process on NonStop >+#for s in 16 1k 128k 256k; do >+for s in 1k 128k 256k; do > verbose "client rekeylimit ${s}" > ssh_data_rekeying "" -oCompression=no -oRekeyLimit=$s > done >@@ -100,7 +102,9 @@ for s in 5 10; do > fi > done > >-for s in 16 1k 128k 256k; do >+# RSB: 16 takes too long to process on NonStop >+# for s in 16 1k 128k 256k; do >+for s in 1k 128k 256k; do > verbose "server rekeylimit ${s}" > cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy > echo "rekeylimit ${s}" >>$OBJ/sshd_proxy >diff --git a/regress/sshd-log-wrapper.sh b/regress/sshd-log-wrapper.sh >index 29dc44aa..105ba1f7 100644 >--- a/regress/sshd-log-wrapper.sh >+++ b/regress/sshd-log-wrapper.sh >@@ -5,7 +5,10 @@ > # simple wrapper for sshd proxy mode to catch stderr output > # sh sshd-log-wrapper.sh /path/to/logfile /path/to/sshd [args...] > >+# set -x > log=$1 > shift > >-exec "$@" -E$log >+# TEMP_FILE=/tmp/$RANDOM.sshd.test >+exec "$@" -E$log # > $TEMP_FILE >+# cat $TEMP_FILE >diff --git a/regress/transfer.sh b/regress/transfer.sh >index cf174a00..da8a8245 100644 >--- a/regress/transfer.sh >+++ b/regress/transfer.sh >@@ -10,7 +10,12 @@ if [ $? -ne 0 ]; then > fi > cmp ${DATA} ${COPY} || fail "corrupted copy" > >-for s in 10 100 1k 32k 64k 128k 256k; do >+BLOCKS="10 100 1k 32k 64k 128k 256k" >+if [ "`uname`" = "NONSTOP_KERNEL" ]; then >+ # NonStop does not support blocking above 56k >+ BLOCKS="10 100 1k 32k" >+fi >+for s in ${BLOCKS}; do > trace "dd-size ${s}" > rm -f ${COPY} > dd if=$DATA obs=${s} 2> /dev/null | \ >diff --git a/regress/unittests/test_helper/fuzz.c b/regress/unittests/test_helper/fuzz.c >index 78b36654..d9fda3e2 100644 >--- a/regress/unittests/test_helper/fuzz.c >+++ b/regress/unittests/test_helper/fuzz.c >@@ -150,7 +150,9 @@ fuzz_fmt(struct fuzz *fuzz, char *s, size_t n) > return 0; > default: > return -1; >+#if ! defined(__TANDEM) > abort(); >+#endif > } > } > >diff --git a/serverloop.c b/serverloop.c >index 340b19a5..b48547ce 100644 >--- a/serverloop.c >+++ b/serverloop.c >@@ -37,6 +37,11 @@ > > #include "includes.h" > >+#ifdef __TANDEM >+#include <floss.h(floss_write,floss_read)> >+#endif >+ >+#include <sys/param.h> /* MIN MAX */ > #include <sys/types.h> > #include <sys/wait.h> > #include <sys/socket.h> >@@ -110,7 +115,7 @@ bind_permitted(int port, uid_t uid) > { > if (use_privsep) > return 1; /* allow system to decide */ >- if (port < IPPORT_RESERVED && uid != 0) >+ if (port < IPPORT_RESERVED && uid != SUPERUSER) > return 0; > return 1; > } >@@ -386,9 +391,11 @@ collect_children(struct ssh *ssh) > if (child_terminated) { > debug("Received SIGCHLD."); > while ((pid = waitpid(-1, &status, WNOHANG)) > 0 || >- (pid == -1 && errno == EINTR)) >+ (pid == -1 && errno == EINTR)) { > if (pid > 0) > session_close_by_pid(ssh, pid, status); >+ } >+ debug3("%s: while exit received pid %d with errno %d", __func__, pid, errno); > child_terminated = 0; > } > sigprocmask(SIG_SETMASK, &oset, NULL); >@@ -553,7 +560,7 @@ server_request_direct_streamlocal(struct ssh *ssh) > /* XXX fine grained permissions */ > if ((options.allow_streamlocal_forwarding & FORWARD_LOCAL) != 0 && > auth_opts->permit_port_forwarding_flag && >- !options.disable_forwarding && (pw->pw_uid == 0 || use_privsep)) { >+ !options.disable_forwarding && (pw->pw_uid == SUPERUSER || use_privsep)) { > c = channel_connect_to_path(ssh, target, > "direct-streamlocal@openssh.com", "direct-streamlocal"); > } else { >@@ -877,7 +884,7 @@ server_input_global_request(int type, u_int32_t seq, struct ssh *ssh) > if ((options.allow_streamlocal_forwarding & FORWARD_REMOTE) == 0 > || !auth_opts->permit_port_forwarding_flag || > options.disable_forwarding || >- (pw->pw_uid != 0 && !use_privsep)) { >+ (pw->pw_uid != SUPERUSER && !use_privsep)) { > success = 0; > ssh_packet_send_debug(ssh, "Server has disabled " > "streamlocal forwarding."); >diff --git a/session.c b/session.c >index 18cdfa8c..b18fd16a 100644 >--- a/session.c >+++ b/session.c >@@ -395,6 +395,8 @@ do_exec_no_pty(struct ssh *ssh, Session *s, const char *command) > #ifdef USE_PIPES > int pin[2], pout[2], perr[2]; > >+ debug3("%s: executing %", __func__, command); >+ > if (s == NULL) > fatal("do_exec_no_pty: no session"); > >@@ -421,6 +423,8 @@ do_exec_no_pty(struct ssh *ssh, Session *s, const char *command) > #else > int inout[2], err[2]; > >+ debug3("%s: executing %", __func__, command); >+ > if (s == NULL) > fatal("do_exec_no_pty: no session"); > >@@ -441,6 +445,8 @@ do_exec_no_pty(struct ssh *ssh, Session *s, const char *command) > session_proctitle(s); > > /* Fork the child. */ >+ debug3("%s: initiating fork()", __func__); >+ > switch ((pid = fork())) { > case -1: > error("%s: fork: %.100s", __func__, strerror(errno)); >@@ -459,6 +465,7 @@ do_exec_no_pty(struct ssh *ssh, Session *s, const char *command) > #endif > return -1; > case 0: >+ debug3("%s: fork() in child", __func__); > is_child = 1; > > /* >@@ -929,7 +936,7 @@ read_etc_default_login(char ***env, u_int *envsize, uid_t uid) > if (tmpenv == NULL) > return; > >- if (uid == 0) >+ if (uid == SUPERUSER) > var = child_get_env(tmpenv, "SUPATH"); > else > var = child_get_env(tmpenv, "PATH"); >@@ -1051,7 +1058,7 @@ do_setup_env(struct ssh *ssh, Session *s, const char *shell) > # endif /* HAVE_ETC_DEFAULT_LOGIN */ > if (path == NULL || *path == '\0') { > child_set_env(&env, &envsize, "PATH", >- s->pw->pw_uid == 0 ? SUPERUSER_PATH : _PATH_STDPATH); >+ s->pw->pw_uid == SUPERUSER ? SUPERUSER_PATH : _PATH_STDPATH); > } > # endif /* HAVE_CYGWIN */ > #endif /* HAVE_LOGIN_CAP */ >@@ -1279,11 +1286,11 @@ do_nologin(struct passwd *pw) > struct stat sb; > > #ifdef HAVE_LOGIN_CAP >- if (login_getcapbool(lc, "ignorenologin", 0) || pw->pw_uid == 0) >+ if (login_getcapbool(lc, "ignorenologin", 0) || pw->pw_uid == SUPERUSER) > return; > nl = login_getcapstr(lc, "nologin", def_nl, def_nl); > #else >- if (pw->pw_uid == 0) >+ if (pw->pw_uid == SUPERUSER) > return; > nl = def_nl; > #endif >@@ -1337,7 +1344,7 @@ safely_chroot(const char *path, uid_t uid) > if (stat(component, &st) != 0) > fatal("%s: stat(\"%s\"): %s", __func__, > component, strerror(errno)); >- if (st.st_uid != 0 || (st.st_mode & 022) != 0) >+ if (st.st_uid != SUPERUSER || (st.st_mode & 022) != 0) > fatal("bad ownership or modes for chroot " > "directory %s\"%s\"", > cp == NULL ? "" : "component ", component); >@@ -1445,6 +1452,7 @@ do_setusercontext(struct passwd *pw) > static void > do_pwchange(Session *s) > { >+ debug3("%s: About to flush all",__func__); > fflush(NULL); > fprintf(stderr, "WARNING: Your password has expired.\n"); > if (s->ttyfd != -1) { >@@ -1464,6 +1472,7 @@ do_pwchange(Session *s) > fprintf(stderr, > "Password change required but no TTY available.\n"); > } >+ debug3("%s: Exit",__func__); > exit(1); > } > >@@ -1524,6 +1533,7 @@ do_child(struct ssh *ssh, Session *s, const char *command) > sshpkt_fmt_connection_id(ssh, remote_id, sizeof(remote_id)); > > /* remove hostkey from the child's memory */ >+ debug3("%s: entering do_child()", __func__); > destroy_sensitive_data(); > ssh_packet_clear_keys(ssh); > >@@ -1536,7 +1546,7 @@ do_child(struct ssh *ssh, Session *s, const char *command) > } > > /* >- * Login(1) does this as well, and it needs uid 0 for the "-h" >+ * Login(1) does this as well, and it needs uid SUPERUSER for the "-h" > * switch, so we let login(1) to this for us. > */ > #ifdef HAVE_OSF_SIA >@@ -1571,6 +1581,7 @@ do_child(struct ssh *ssh, Session *s, const char *command) > */ > shell = (pw->pw_shell[0] == '\0') ? _PATH_BSHELL : pw->pw_shell; > >+ debug3("%s: Shell path=%s", __func__, shell ); > /* > * Make sure $SHELL points to the shell from the password file, > * even if shell is overridden from login.conf >@@ -1649,6 +1660,7 @@ do_child(struct ssh *ssh, Session *s, const char *command) > remote_id); > printf("This service allows sftp connections only.\n"); > fflush(NULL); >+ debug3("%s: Exit",__func__); > exit(1); > } else if (s->is_subsystem == SUBSYSTEM_INT_SFTP) { > extern int optind, optreset; >@@ -1669,6 +1681,7 @@ do_child(struct ssh *ssh, Session *s, const char *command) > exit(sftp_server_main(i, argv, s->pw)); > } > >+ debug3("%s: Passed initial restrictions",__func__); > fflush(NULL); > > /* Get the last component of the shell name. */ >@@ -1698,6 +1711,7 @@ do_child(struct ssh *ssh, Session *s, const char *command) > /* Execute the shell. */ > argv[0] = argv0; > argv[1] = NULL; >+ debug3("%s: Shell args=%s", __func__, argv0); > execve(shell, argv, env); > > /* Executing the shell failed. */ >@@ -1712,6 +1726,11 @@ do_child(struct ssh *ssh, Session *s, const char *command) > argv[1] = "-c"; > argv[2] = (char *) command; > argv[3] = NULL; >+ if ( command != NULL ) >+ debug3("%s: Shell args=%s -c %s", __func__, (char *) shell0, (char *) command); >+ else >+ debug3("%s: Shell args=%s -c ", __func__, (char *) shell0); >+ > execve(shell, argv, env); > perror(shell); > exit(1); >@@ -2165,7 +2184,11 @@ session_signal_req(struct ssh *ssh, Session *s) > debug("%s: signal %s, killpg(%ld, %d)", __func__, signame, > (long)s->pid, sig); > temporarily_use_uid(s->pw); >+#if defined(__TANDEM) >+ r = kill(s->pid, sig); >+#else > r = killpg(s->pid, sig); >+#endif > restore_uid(); > if (r != 0) { > error("%s: killpg(%ld, %d): %s", __func__, (long)s->pid, >@@ -2282,7 +2305,7 @@ session_pty_cleanup2(Session *s) > record_logout(s->pid, s->tty, s->pw->pw_name); > > /* Release the pseudo-tty. */ >- if (getuid() == 0) >+ if (getuid() == SUPERUSER) > pty_release(s->tty); > > /* >diff --git a/sftp-client.c b/sftp-client.c >index 72f7fff7..4d489e23 100644 >--- a/sftp-client.c >+++ b/sftp-client.c >@@ -22,6 +22,11 @@ > > #include "includes.h" > >+#ifdef __TANDEM >+#include <floss.h(floss_write,floss_read)> >+#endif >+ >+#include <sys/param.h> /* MIN MAX */ > #include <sys/types.h> > #ifdef HAVE_SYS_STATVFS_H > #include <sys/statvfs.h> >@@ -1472,7 +1477,7 @@ do_download(struct sftp_conn *conn, const char *remote_path, > tv[0].tv_sec = a->atime; > tv[1].tv_sec = a->mtime; > tv[0].tv_usec = tv[1].tv_usec = 0; >- if (utimes(local_path, tv) == -1) >+ if (utimes((char *)local_path, tv) == -1) > error("Can't set times on \"%s\": %s", > local_path, strerror(errno)); > } >@@ -1573,7 +1578,7 @@ download_dir_internal(struct sftp_conn *conn, const char *src, const char *dst, > tv[0].tv_sec = dirattrib->atime; > tv[1].tv_sec = dirattrib->mtime; > tv[0].tv_usec = tv[1].tv_usec = 0; >- if (utimes(dst, tv) == -1) >+ if (utimes((char *)dst, tv) == -1) > error("Can't set times on \"%s\": %s", > dst, strerror(errno)); > } else >diff --git a/sftp-server.c b/sftp-server.c >index 359204fa..eb5adf3c 100644 >--- a/sftp-server.c >+++ b/sftp-server.c >@@ -17,6 +17,11 @@ > > #include "includes.h" > >+#ifdef __TANDEM >+#include <floss.h(floss_write,floss_read)> >+#endif >+ >+#include <sys/param.h> /* MIN */ > #include <sys/types.h> > #include <sys/stat.h> > #ifdef HAVE_SYS_TIME_H >diff --git a/sftp.c b/sftp.c >index 2799e4a1..ba139791 100644 >--- a/sftp.c >+++ b/sftp.c >@@ -2440,7 +2440,7 @@ main(int argc, char **argv) > case 'v': > if (debug_level < 3) { > addargs(&args, "-v"); >- ll = SYSLOG_LEVEL_DEBUG1 + debug_level; >+ ll = (LogLevel)(SYSLOG_LEVEL_DEBUG1 + debug_level); > } > debug_level++; > break; >diff --git a/ssh-agent.c b/ssh-agent.c >index e081413b..28e6cda7 100644 >--- a/ssh-agent.c >+++ b/ssh-agent.c >@@ -36,6 +36,11 @@ > > #include "includes.h" > >+#ifdef __TANDEM >+#include <floss.h(floss_write,floss_read)> >+#endif >+ >+#include <sys/param.h> /* MIN MAX */ > #include <sys/types.h> > #include <sys/param.h> > #include <sys/resource.h> >@@ -927,7 +932,7 @@ handle_socket_read(u_int socknum) > close(fd); > return -1; > } >- if ((euid != 0) && (getuid() != euid)) { >+ if ((euid != SUPERUSER) && (getuid() != euid)) { > error("uid mismatch: peer euid %u != uid %u", > (u_int) euid, (u_int) getuid()); > close(fd); >@@ -1308,10 +1313,14 @@ main(int ac, char **av) > * a few spare for libc / stack protectors / sanitisers, etc. > */ > #define SSH_AGENT_MIN_FDS (3+1+1+1+4) >+#ifdef HAVE_SETRLIMIT > if (rlim.rlim_cur < SSH_AGENT_MIN_FDS) > fatal("%s: file descriptor rlimit %lld too low (minimum %u)", > __progname, (long long)rlim.rlim_cur, SSH_AGENT_MIN_FDS); > maxfds = rlim.rlim_cur - SSH_AGENT_MIN_FDS; >+#else >+ maxfds = _POSIX_OPEN_MAX - SSH_AGENT_MIN_FDS; >+#endif > > parent_pid = getpid(); > >diff --git a/ssh-keygen.c b/ssh-keygen.c >index 2c5c75db..8b3af4de 100644 >--- a/ssh-keygen.c >+++ b/ssh-keygen.c >@@ -1212,8 +1212,10 @@ known_hosts_hash(struct hostkey_foreach_line *l, void *_ctx) > fprintf(ctx->out, "%s\n", l->line); > return 0; > } >+#if ! defined(__TANDEM) > /* NOTREACHED */ > return -1; >+#endif > } > > static int >@@ -3324,7 +3326,7 @@ main(int argc, char **argv) > #endif > > /* reinit */ >- log_init(argv[0], log_level, SYSLOG_FACILITY_USER, 1); >+ log_init(argv[0], (LogLevel)log_level, SYSLOG_FACILITY_USER, 1); > > argv += optind; > argc -= optind; >diff --git a/ssh-keyscan.c b/ssh-keyscan.c >index a5e64407..5155e33d 100644 >--- a/ssh-keyscan.c >+++ b/ssh-keyscan.c >@@ -774,7 +774,7 @@ main(int argc, char **argv) > if (optind == argc && !fopt_count) > usage(); > >- log_init("ssh-keyscan", log_level, SYSLOG_FACILITY_USER, 1); >+ log_init("ssh-keyscan", (LogLevel)log_level, SYSLOG_FACILITY_USER, 1); > > maxfd = fdlim_get(1); > if (maxfd < 0) >diff --git a/ssh-pkcs11-client.c b/ssh-pkcs11-client.c >index 8a0ffef5..366eecad 100644 >--- a/ssh-pkcs11-client.c >+++ b/ssh-pkcs11-client.c >@@ -244,12 +244,13 @@ wrap_key(struct sshkey *k) > static int > pkcs11_start_helper_methods(void) > { >- if (helper_rsa != NULL) >- return (0); >- > #ifdef HAVE_EC_KEY_METHOD_NEW > int (*orig_sign)(int, const unsigned char *, int, unsigned char *, > unsigned int *, const BIGNUM *, const BIGNUM *, EC_KEY *) = NULL; >+ >+ if (helper_rsa != NULL) >+ return (0); >+ > if (helper_ecdsa != NULL) > return (0); > helper_ecdsa = EC_KEY_METHOD_new(EC_KEY_OpenSSL()); >diff --git a/ssh-pkcs11-helper.c b/ssh-pkcs11-helper.c >index d73e8357..3d971a7a 100644 >--- a/ssh-pkcs11-helper.c >+++ b/ssh-pkcs11-helper.c >@@ -17,6 +17,10 @@ > > #include "includes.h" > >+#ifdef __TANDEM >+#include <floss.h(floss_write,floss_read)> >+#endif >+ > #include <sys/types.h> > #ifdef HAVE_SYS_TIME_H > # include <sys/time.h> >diff --git a/ssh-pkcs11.c b/ssh-pkcs11.c >index ec0e9186..c2ebc576 100644 >--- a/ssh-pkcs11.c >+++ b/ssh-pkcs11.c >@@ -1519,7 +1519,7 @@ pkcs11_register_provider(char *provider_id, char *pin, > error("dlopen %s failed: %s", provider_id, dlerror()); > goto fail; > } >- if ((getfunctionlist = dlsym(handle, "C_GetFunctionList")) == NULL) { >+ if ((getfunctionlist = (CK_RV (*)(CK_FUNCTION_LIST **))dlsym(handle, "C_GetFunctionList")) == NULL) { > error("dlsym(C_GetFunctionList) failed: %s", dlerror()); > goto fail; > } >diff --git a/ssh.c b/ssh.c >index 98b6ce78..fa86d556 100644 >--- a/ssh.c >+++ b/ssh.c >@@ -288,7 +288,7 @@ resolve_host(const char *name, int port, int logerr, char *cname, size_t clen) > if ((gaierr = getaddrinfo(name, strport, &hints, &res)) != 0) { > if (logerr || (gaierr != EAI_NONAME && gaierr != EAI_NODATA)) > loglevel = SYSLOG_LEVEL_ERROR; >- do_log2(loglevel, "%s: Could not resolve hostname %.100s: %s", >+ do_log2((LogLevel)loglevel, "%s: Could not resolve hostname %.100s: %s", > __progname, name, ssh_gai_strerror(gaierr)); > return NULL; > } >diff --git a/sshd.c b/sshd.c >index 6f8f11a3..785e0cec 100644 >--- a/sshd.c >+++ b/sshd.c >@@ -553,7 +553,7 @@ privsep_postauth(struct ssh *ssh, Authctxt *authctxt) > #ifdef DISABLE_FD_PASSING > if (1) { > #else >- if (authctxt->pw->pw_uid == 0) { >+ if (authctxt->pw->pw_uid == SUPERUSER) { > #endif > /* File descriptor passing is broken or root login */ > use_privsep = 0; >@@ -1522,7 +1522,7 @@ main(int ac, char **av) > av = saved_argv; > #endif > >- if (geteuid() == 0 && setgroups(0, NULL) == -1) >+ if (geteuid() == SUPERUSER && setgroups(0, NULL) == -1) > debug("setgroups(): %.200s", strerror(errno)); > > /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ >@@ -1753,7 +1753,7 @@ main(int ac, char **av) > ); > > /* Store privilege separation user for later use if required. */ >- privsep_chroot = use_privsep && (getuid() == 0 || geteuid() == 0); >+ privsep_chroot = use_privsep && (getuid() == SUPERUSER || geteuid() == SUPERUSER); > if ((privsep_pw = getpwnam(SSH_PRIVSEP_USER)) == NULL) { > if (privsep_chroot || options.kerberos_authentication) > fatal("Privilege separation user %s does not exist", >@@ -1912,7 +1912,7 @@ main(int ac, char **av) > (st.st_uid != getuid () || > (st.st_mode & (S_IWGRP|S_IWOTH)) != 0)) > #else >- if (st.st_uid != 0 || (st.st_mode & (S_IWGRP|S_IWOTH)) != 0) >+ if (st.st_uid != SUPERUSER || (st.st_mode & (S_IWGRP|S_IWOTH)) != 0) > #endif > fatal("%s must be owned by root and not group or " > "world-writable.", _PATH_PRIVSEP_CHROOT_DIR); >diff --git a/sshpty.c b/sshpty.c >index bce09e25..908bb3c7 100644 >--- a/sshpty.c >+++ b/sshpty.c >@@ -86,7 +86,7 @@ void > pty_release(const char *tty) > { > #if !defined(__APPLE_PRIVPTY__) && !defined(HAVE_OPENPTY) >- if (chown(tty, (uid_t) 0, (gid_t) 0) == -1) >+ if (chown(tty, (uid_t) SUPERUSER, (gid_t) SUPERUSER) < 0) > error("chown %.100s 0 0 failed: %.100s", tty, strerror(errno)); > if (chmod(tty, (mode_t) 0666) == -1) > error("chmod %.100s 0666 failed: %.100s", tty, strerror(errno)); >@@ -192,7 +192,7 @@ pty_setowner(struct passwd *pw, const char *tty) > if (st.st_uid != pw->pw_uid || st.st_gid != gid) { > if (chown(tty, pw->pw_uid, gid) == -1) { > if (errno == EROFS && >- (st.st_uid == pw->pw_uid || st.st_uid == 0)) >+ (st.st_uid == pw->pw_uid || st.st_uid == SUPERUSER)) > debug("chown(%.100s, %u, %u) failed: %.100s", > tty, (u_int)pw->pw_uid, (u_int)gid, > strerror(errno)); >diff --git a/uidswap.c b/uidswap.c >index 40e12150..f8c4ee58 100644 >--- a/uidswap.c >+++ b/uidswap.c >@@ -30,9 +30,9 @@ > > /* > * Note: all these functions must work in all of the following cases: >- * 1. euid=0, ruid=0 >- * 2. euid=0, ruid!=0 >- * 3. euid!=0, ruid!=0 >+ * 1. euid=SUPERUSER, ruid=SUPERUSER >+ * 2. euid=SUPERUSER, ruid!=SUPERUSER >+ * 3. euid!=SUPERUSER, ruid!=SUPERUSER > * Additionally, they must work regardless of whether the system has > * POSIX saved uids or not. > */ >@@ -68,13 +68,13 @@ temporarily_use_uid(struct passwd *pw) > (u_int)pw->pw_uid, (u_int)pw->pw_gid, > (u_int)saved_euid, (u_int)saved_egid); > #ifndef HAVE_CYGWIN >- if (saved_euid != 0) { >+ if (saved_euid != SUPERUSER) { > privileged = 0; > return; > } > #endif > #else >- if (geteuid() != 0) { >+ if (geteuid() != SUPERUSER) { > privileged = 0; > return; > } >@@ -210,7 +210,7 @@ permanently_set_uid(struct passwd *pw) > > #ifndef NO_UID_RESTORATION_TEST > /* Try restoration of GID if changed (test clearing of saved gid) */ >- if (old_gid != pw->pw_gid && pw->pw_uid != 0 && >+ if (old_gid != pw->pw_gid && pw->pw_uid != SUPERUSER && > (setgid(old_gid) != -1 || setegid(old_gid) != -1)) > fatal("%s: was able to restore old [e]gid", __func__); > #endif
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=3443">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 3205
: 3443