- (djm) [CREDITS LICENCE Makefile.in auth.c configure.ac includes.h ]

[platform.c platform.h sshd.c openbsd-compat/Makefile.in]
   [openbsd-compat/openbsd-compat.h openbsd-compat/port-solaris.c]
   [openbsd-compat/port-solaris.h] Add support for Solaris process
   contracts, enabled with --use-solaris-contracts. Patch from Chad
   Mynhier, tweaked by dtucker@ and myself; ok dtucker@

CREDITS

@@ -25,6 +25,7 @@ Chris, the Young One <cky@pobox.com> - Password auth fixes
 Christos Zoulas <christos@zoulas.com> - Autoconf fixes
 Chun-Chung Chen <cjj@u.washington.edu> - RPM fixes
 Corinna Vinschen <vinschen@redhat.com> - Cygwin support
+Chad Mynhier <mynhier@interstel.net> - Solaris Process Contract support
 Dan Brosemer <odin@linuxfreak.com> - Autoconf support, build fixes
 Darren Hall <dhall@virage.org> - AIX patches
 Darren Tucker <dtucker@zip.com.au> - AIX BFF package scripts
@@ -100,5 +101,5 @@ Apologies to anyone I have missed.
 
 Damien Miller <djm@mindrot.org>
 
-$Id: CREDITS,v 1.80 2005/08/26 20:15:20 tim Exp $
+$Id: CREDITS,v 1.81 2006/08/30 17:24:41 djm Exp $
 

ChangeLog

@@ -1,3 +1,11 @@
+20060831
+ - (djm) [CREDITS LICENCE Makefile.in auth.c configure.ac includes.h ]
+   [platform.c platform.h sshd.c openbsd-compat/Makefile.in]
+   [openbsd-compat/openbsd-compat.h openbsd-compat/port-solaris.c]
+   [openbsd-compat/port-solaris.h] Add support for Solaris process
+   contracts, enabled with --use-solaris-contracts. Patch from Chad
+   Mynhier, tweaked by dtucker@ and myself; ok dtucker@
+
 20060830
  - (djm) OpenBSD CVS Sync
    - dtucker@cvs.openbsd.org 2006/08/21 08:14:01
@@ -5338,4 +5346,4 @@
    - (djm) Trim deprecated options from INSTALL. Mention UsePAM
    - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
 
-$Id: ChangeLog,v 1.4518 2006/08/30 12:33:09 dtucker Exp $
+$Id: ChangeLog,v 1.4519 2006/08/30 17:24:41 djm Exp $

LICENCE

@@ -288,6 +288,7 @@ OpenSSH contains no GPL code.
 	Internet Software Consortium.
 	Todd C. Miller
 	Reyk Floeter
+	Chad Mynhier
 
 	* Permission to use, copy, modify, and distribute this software for any
 	* purpose with or without fee is hereby granted, provided that the above

Makefile.in

@@ -1,4 +1,4 @@
-# $Id: Makefile.in,v 1.280 2006/08/22 12:24:11 dtucker Exp $
+# $Id: Makefile.in,v 1.281 2006/08/30 17:24:41 djm Exp $
 
 # uncomment if you run a non bourne compatable shell. Ie. csh
 #SHELL = @SH@
@@ -44,6 +44,7 @@ CFLAGS=@CFLAGS@
 CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
 LIBS=@LIBS@
 LIBSELINUX=@LIBSELINUX@
+SSHDLIBS=@SSHDLIBS@
 LIBEDIT=@LIBEDIT@
 LIBPAM=@LIBPAM@
 LIBWRAP=@LIBWRAP@
@@ -87,7 +88,7 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o \
 	auth-krb5.o \
 	auth2-gss.o gss-serv.o gss-serv-krb5.o \
 	loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o \
-	audit.o audit-bsm.o
+	audit.o audit-bsm.o platform.o
 
 MANPAGES	= scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-rand-helper.8.out ssh-keysign.8.out sshd_config.5.out ssh_config.5.out
 MANPAGES_IN	= scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-rand-helper.8 ssh-keysign.8 sshd_config.5 ssh_config.5
@@ -137,7 +138,7 @@ ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHOBJS)
 	$(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
 
 sshd$(EXEEXT): libssh.a	$(LIBCOMPAT) $(SSHDOBJS)
-	$(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBWRAP) $(LIBPAM) $(LIBSELINUX) $(LIBS)
+	$(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBWRAP) $(LIBPAM) $(LIBSELINUX) $(SSHDLIBS) $(LIBS)
 
 scp$(EXEEXT): $(LIBCOMPAT) libssh.a scp.o progressmeter.o
 	$(LD) -o $@ scp.o progressmeter.o bufaux.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)

configure.ac

@@ -1,4 +1,4 @@
-# $Id: configure.ac,v 1.355 2006/08/20 11:43:19 dtucker Exp $
+# $Id: configure.ac,v 1.356 2006/08/30 17:24:41 djm Exp $
 #
 # Copyright (c) 1999-2004 Damien Miller
 #
@@ -15,7 +15,7 @@
 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 
 AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
-AC_REVISION($Revision: 1.355 $)
+AC_REVISION($Revision: 1.356 $)
 AC_CONFIG_SRCDIR([ssh.c])
 
 AC_CONFIG_HEADER(config.h)
@@ -127,6 +127,10 @@ AC_ARG_WITH(rpath,
 	]
 )
 
+# Messages for features tested for in target-specific section
+SIA_MSG="no"
+SPC_MSG="no"
+
 # Check for some target-specific stuff
 case "$host" in
 *-*-aix*)
@@ -438,6 +442,17 @@ mips-sony-bsd|mips-sony-newsos4)
 	else
 		AC_MSG_RESULT(no)
 	fi
+	AC_ARG_WITH(solaris-contracts,
+		[  --with-solaris-contracts Enable Solaris process contracts (experimental)],
+		[
+		AC_CHECK_LIB(contract, ct_tmpl_activate,
+			[ AC_DEFINE(USE_SOLARIS_PROCESS_CONTRACTS, 1,
+				[Define if you have Solaris process contracts])
+			  SSHDLIBS="$SSHDLIBS -lcontract"
+			  AC_SUBST(SSHDLIBS)
+			  SPC_MSG="yes" ], )
+		],
+	)
 	;;
 *-*-sunos4*)
 	CPPFLAGS="$CPPFLAGS -DSUNOS4"
@@ -586,6 +601,7 @@ mips-sony-bsd|mips-sony-newsos4)
 				system's login() call])
 			AC_DEFINE(DISABLE_FD_PASSING)
 			LIBS="$LIBS -lsecurity -ldb -lm -laud"
+			SIA_MSG="yes"
 		else
 			AC_MSG_RESULT(no)
 			AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin",
@@ -3905,6 +3921,7 @@ echo "          sshd superuser user PATH: $J"
 fi
 echo "                    Manpage format: $MANTYPE"
 echo "                       PAM support: $PAM_MSG"
+echo "                   OSF SIA support: $SIA_MSG"
 echo "                 KerberosV support: $KRB5_MSG"
 echo "                   SELinux support: $SELINUX_MSG"
 echo "                 Smartcard support: $SCARD_MSG"
@@ -3912,6 +3929,7 @@ echo "                     S/KEY support: $SKEY_MSG"
 echo "              TCP Wrappers support: $TCPW_MSG"
 echo "              MD5 password support: $MD5_MSG"
 echo "                   libedit support: $LIBEDIT_MSG"
+echo "  Solaris process contract support: $SPC_MSG"
 echo "       IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
 echo "           Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
 echo "                  BSD Auth support: $BSD_AUTH_MSG"

includes.h

@@ -160,6 +160,7 @@
 
 #include "defines.h"
 
+#include "platform.h"
 #include "openbsd-compat/openbsd-compat.h"
 #include "openbsd-compat/bsd-nextstep.h"
 

openbsd-compat/Makefile.in

@@ -1,4 +1,4 @@
-# $Id: Makefile.in,v 1.39 2006/04/22 11:26:08 djm Exp $
+# $Id: Makefile.in,v 1.40 2006/08/30 17:24:41 djm Exp $
 
 sysconfdir=@sysconfdir@
 piddir=@piddir@
@@ -20,7 +20,7 @@ OPENBSD=base64.o basename.o bindresvport.o daemon.o dirname.o getcwd.o getgroupl
 
 COMPAT=bsd-arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-snprintf.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o
 
-PORTS=port-irix.o port-linux.o port-aix.o port-uw.o port-tun.o
+PORTS=port-aix.o port-irix.o port-linux.o port-solaris.o port-tun.o port-uw.o
 
 .c.o:
 	$(CC) $(CFLAGS) $(CPPFLAGS) -c $<

openbsd-compat/openbsd-compat.h

@@ -1,4 +1,4 @@
-/* $Id: openbsd-compat.h,v 1.40 2006/07/12 13:10:34 dtucker Exp $ */
+/* $Id: openbsd-compat.h,v 1.41 2006/08/30 17:24:42 djm Exp $ */
 
 /*
  * Copyright (c) 1999-2003 Damien Miller.  All rights reserved.
@@ -190,10 +190,12 @@ char *shadow_pw(struct passwd *pw);
 /* Routines for a single OS platform */
 #include "bsd-cray.h"
 #include "bsd-cygwin_util.h"
+
+#include "port-aix.h"
 #include "port-irix.h"
 #include "port-linux.h"
-#include "port-aix.h"
-#include "port-uw.h"
+#include "port-solaris.h"
 #include "port-tun.h"
+#include "port-uw.h"
 
 #endif /* _OPENBSD_COMPAT_H */

openbsd-compat/port-solaris.c

@@ -0,0 +1,189 @@
+/* $Id: port-solaris.c,v 1.1 2006/08/30 17:24:42 djm Exp $ */
+
+/*
+ * Copyright (c) 2006 Chad Mynhier.
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include "config.h"
+#include "includes.h"
+
+#ifdef USE_SOLARIS_PROCESS_CONTRACTS
+
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <sys/param.h>
+
+#include <errno.h>
+#ifdef HAVE_FCNTL_H
+# include <fcntl.h>
+#endif
+#include <string.h>
+#include <unistd.h>
+
+#include <libcontract.h>
+#include <sys/contract/process.h>
+#include <sys/ctfs.h>
+
+#include "log.h"
+
+#define CT_TEMPLATE	CTFS_ROOT "/process/template"
+#define CT_LATEST	CTFS_ROOT "/process/latest"
+
+static int tmpl_fd = -1;
+
+/* Lookup the latest process contract */
+static ctid_t
+get_active_process_contract_id(void)
+{
+	int stat_fd;
+	ctid_t ctid = -1;
+	ct_stathdl_t stathdl;
+
+	if ((stat_fd = open64(CT_LATEST, O_RDONLY)) == -1) {
+		error("%s: Error opening 'latest' process "
+		    "contract: %s", __func__, strerror(errno));
+		return -1;
+	}
+	if (ct_status_read(stat_fd, CTD_COMMON, &stathdl) != 0) {
+		error("%s: Error reading process contract "
+		    "status: %s", __func__, strerror(errno));
+		goto out;
+	}
+	if ((ctid = ct_status_get_id(stathdl)) < 0) {
+		error("%s: Error getting process contract id: %s",
+		    __func__, strerror(errno));
+		goto out;
+	}
+
+	ct_status_free(stathdl);
+ out:
+	close(stat_fd);
+	return ctid;
+}
+
+void
+solaris_contract_pre_fork(void)
+{
+	if ((tmpl_fd = open64(CT_TEMPLATE, O_RDWR)) == -1) {
+		error("%s: open %s: %s", __func__,
+		    CT_TEMPLATE, strerror(errno));
+		return;
+	}
+
+	debug2("%s: setting up process contract template on fd %d",
+	    __func__, tmpl_fd);
+
+	/* We have to set certain attributes before activating the template */
+	if (ct_pr_tmpl_set_fatal(tmpl_fd,
+	    CT_PR_EV_HWERR|CT_PR_EV_SIGNAL|CT_PR_EV_CORE) != 0) {
+		error("%s: Error setting process contract template "
+		    "fatal events: %s", __func__, strerror(errno));
+		goto fail;
+	}
+	if (ct_tmpl_set_critical(tmpl_fd, CT_PR_EV_HWERR) != 0) {
+		error("%s: Error setting process contract template "
+		    "critical events: %s", __func__, strerror(errno));
+		goto fail;
+	}
+
+	/* Now make this the active template for this process. */
+	if (ct_tmpl_activate(tmpl_fd) != 0) {
+		error("%s: Error activating process contract "
+		    "template: %s", __func__, strerror(errno));
+		goto fail;
+	}
+	return;
+
+ fail:
+	if (tmpl_fd != -1) {
+		close(tmpl_fd);
+		tmpl_fd = -1;
+	}
+}
+
+void
+solaris_contract_post_fork_child()
+{
+	debug2("%s: clearing process contract template on fd %d",
+	    __func__, tmpl_fd);
+
+	/* Clear the active template. */
+	if (ct_tmpl_clear(tmpl_fd) != 0)
+		error("%s: Error clearing active process contract "
+		    "template: %s", __func__, strerror(errno));
+
+	close(tmpl_fd);
+	tmpl_fd = -1;
+}
+
+void
+solaris_contract_post_fork_parent(pid_t pid)
+{
+	ctid_t ctid;
+	char ctl_path[256];
+	int r, ctl_fd = -1, stat_fd = -1;
+
+	debug2("%s: clearing template (fd %d)", __func__, tmpl_fd);
+
+	if (tmpl_fd == -1)
+		return;
+
+	/* First clear the active template. */
+	if ((r = ct_tmpl_clear(tmpl_fd)) != 0)
+		error("%s: Error clearing active process contract "
+		    "template: %s", __func__, strerror(errno));
+
+	close(tmpl_fd);
+	tmpl_fd = -1;
+
+	/*
+	 * If either the fork didn't succeed (pid < 0), or clearing
+	 * th active contract failed (r != 0), then we have nothing
+	 * more do.
+	 */
+	if (r != 0 || pid <= 0)
+		return;
+
+	/* Now lookup and abandon the contract we've created. */
+	ctid = get_active_process_contract_id();
+
+	debug2("%s: abandoning contract id %ld", __func__, ctid);
+
+	snprintf(ctl_path, sizeof(ctl_path),
+	    CTFS_ROOT "/process/%ld/ctl", ctid);
+	if ((ctl_fd = open64(ctl_path, O_WRONLY)) < 0) {
+		error("%s: Error opening process contract "
+		    "ctl file: %s", __func__, strerror(errno));
+		goto fail;
+	}
+	if (ct_ctl_abandon(ctl_fd) < 0) {
+		error("%s: Error abandoning process contract: %s",
+		    __func__, strerror(errno));
+		goto fail;
+	}
+	close(ctl_fd);
+	return;
+
+ fail:
+	if (tmpl_fd != -1) {
+		close(tmpl_fd);
+		tmpl_fd = -1;
+	}
+	if (stat_fd != -1)
+		close(stat_fd);
+	if (ctl_fd != -1)
+		close(ctl_fd);
+}
+#endif

openbsd-compat/port-solaris.h

@@ -0,0 +1,27 @@
+/* $Id: port-solaris.h,v 1.1 2006/08/30 17:24:42 djm Exp $ */
+
+/*
+ * Copyright (c) 2006 Chad Mynhier.
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef _PORT_SOLARIS_H
+
+#include <sys/types.h>
+
+void solaris_contract_pre_fork(void);
+void solaris_contract_post_fork_child(void);
+void solaris_contract_post_fork_parent(pid_t pid);
+
+#endif

platform.c

@@ -0,0 +1,46 @@
+/* $Id: platform.c,v 1.1 2006/08/30 17:24:41 djm Exp $ */
+
+/*
+ * Copyright (c) 2006 Darren Tucker.  All rights reserved.
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include "config.h"
+#include "platform.h"
+
+#include "openbsd-compat/openbsd-compat.h"
+
+void
+platform_pre_fork(void)
+{
+#ifdef USE_SOLARIS_PROCESS_CONTRACTS
+	solaris_contract_pre_fork();
+#endif
+}
+
+void
+platform_post_fork_parent(pid_t child_pid)
+{
+#ifdef USE_SOLARIS_PROCESS_CONTRACTS
+	solaris_contract_post_fork_parent(child_pid);
+#endif
+}
+
+void
+platform_post_fork_child(void)
+{
+#ifdef USE_SOLARIS_PROCESS_CONTRACTS
+	solaris_contract_post_fork_child();
+#endif
+}

platform.h

@@ -0,0 +1,23 @@
+/* $Id: platform.h,v 1.1 2006/08/30 17:24:41 djm Exp $ */
+
+/*
+ * Copyright (c) 2006 Darren Tucker.  All rights reserved.
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <sys/types.h>
+
+void platform_pre_fork(void);
+void platform_post_fork_parent(pid_t child_pid);
+void platform_post_fork_child(void);

sshd.c

@@ -1154,6 +1154,7 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s)
 			 * the child process the connection. The
 			 * parent continues listening.
 			 */
+			platform_pre_fork();
 			if ((pid = fork()) == 0) {
 				/*
 				 * Child.  Close the listening and
@@ -1163,6 +1164,7 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s)
 				 * We break out of the loop to handle
 				 * the connection.
 				 */
+				platform_post_fork_child();
 				startup_pipe = startup_p[1];
 				close_startup_pipes();
 				close_listen_socks();
@@ -1178,6 +1180,7 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s)
 			}
 
 			/* Parent.  Stay in the loop. */
+			platform_post_fork_parent(pid);
 			if (pid < 0)
 				error("fork: %.100s", strerror(errno));
 			else