- (djm) [acconfig.h configure.ac openbsd-compat/Makefile.in

openbsd-compat/bsd-closefrom.c openbsd-compat/bsd-misc.c openbsd-compat/bsd-misc.h openbsd-compat/openbsd-compat.h] Use smarter closefrom() replacement from sudo; ok dtucker@
2004-08-15 18:40:59 +10:00 · 2004-08-15 18:40:59 +10:00 · 36f4965020
parent 25f60a7ee7
commit 36f4965020
8 changed files with 138 additions and 38 deletions
--- a/6
+++ b/6
@ -1,6 +1,10 @@
 20040815
 - (dtucker) [Makefile.in ssh-keysign.c ssh.c] Use permanently_set_uid() since
   it does the right thing on all platforms.  ok djm@
+ - (djm) [acconfig.h configure.ac openbsd-compat/Makefile.in 
+   openbsd-compat/bsd-closefrom.c openbsd-compat/bsd-misc.c 
+   openbsd-compat/bsd-misc.h openbsd-compat/openbsd-compat.h] Use smarter 
+   closefrom() replacement from sudo; ok dtucker@

 20040814
 - (dtucker) [auth-krb5.c gss-serv-krb5.c openbsd-compat/xmmap.c]
@ -1635,4 +1639,4 @@
   - (djm) Trim deprecated options from INSTALL. Mention UsePAM
   - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu

-$Id: ChangeLog,v 1.3509 2004/08/15 07:23:34 dtucker Exp $
+$Id: ChangeLog,v 1.3510 2004/08/15 08:40:59 djm Exp $
--- a/acconfig.h
+++ b/acconfig.h
@ -1,4 +1,4 @@
-/* $Id: acconfig.h,v 1.178 2004/06/28 06:01:20 dtucker Exp $ */
+/* $Id: acconfig.h,v 1.179 2004/08/15 08:40:59 djm Exp $ */

 /*
 * Copyright (c) 1999-2003 Damien Miller.  All rights reserved.
@ -454,6 +454,9 @@
 /* Define if your resolver libs need this for getrrsetbyname */
 #undef BIND_8_COMPAT

+/* Define if you have /proc/$pid/fd */
+#undef HAVE_PROC_PID
+
@BOTTOM@

 /* ******************* Shouldn't need to edit below this line ************** */
--- a/configure.ac
+++ b/configure.ac
@ -1,4 +1,4 @@
-# $Id: configure.ac,v 1.224 2004/07/19 17:19:27 tim Exp $
+# $Id: configure.ac,v 1.225 2004/08/15 08:40:59 djm Exp $
 #
 # Copyright (c) 1999-2004 Damien Miller
 #
@ -517,16 +517,16 @@ int main(){exit(0);}
 )

 # Checks for header files.
-AC_CHECK_HEADERS(bstring.h crypt.h endian.h features.h floatingpoint.h \
-	getopt.h glob.h ia.h lastlog.h limits.h login.h \
-	login_cap.h maillock.h netdb.h netgroup.h \
+AC_CHECK_HEADERS(bstring.h crypt.h dirent.h endian.h features.h \
+	floatingpoint.h getopt.h glob.h ia.h lastlog.h limits.h login.h \
+	login_cap.h maillock.h ndir.h netdb.h netgroup.h \
 	netinet/in_systm.h pam/pam_appl.h paths.h pty.h readpassphrase.h \
 	rpc/types.h security/pam_appl.h shadow.h stddef.h stdint.h \
-	strings.h sys/strtio.h sys/audit.h sys/bitypes.h sys/bsdtty.h \
-	sys/cdefs.h sys/mman.h sys/prctl.h sys/pstat.h sys/ptms.h \
-	sys/select.h sys/stat.h sys/stream.h sys/stropts.h \
-	sys/sysmacros.h sys/time.h sys/timers.h sys/un.h time.h tmpdir.h \
-	ttyent.h usersec.h util.h utime.h utmp.h utmpx.h vis.h)
+	strings.h sys/dir.h sys/strtio.h sys/audit.h sys/bitypes.h \
+	sys/bsdtty.h sys/cdefs.h sys/mman.h sys/ndir.h sys/prctl.h \
+	sys/pstat.h sys/ptms.h sys/select.h sys/stat.h sys/stream.h \
+	sys/stropts.h sys/sysmacros.h sys/time.h sys/timers.h sys/un.h \
+	time.h tmpdir.h ttyent.h usersec.h util.h utime.h utmp.h utmpx.h vis.h)

 # Checks for libraries.
 AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
@ -731,6 +731,14 @@ int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
 	]
 )

+AC_MSG_CHECKING([for /proc/pid/fd directory])
+if test -d "/proc/$$/fd" ; then
+	AC_DEFINE(HAVE_PROC_PID)
+	AC_MSG_RESULT(yes)
+else
+	AC_MSG_RESULT(no)
+fi
+
 # Check whether user wants S/Key support
 SKEY_MSG="no"
 AC_ARG_WITH(skey,
@ -833,8 +841,8 @@ AC_ARG_WITH(tcp-wrappers,
 dnl    Checks for library functions. Please keep in alphabetical order
 AC_CHECK_FUNCS(\
 	arc4random __b64_ntop b64_ntop __b64_pton b64_pton bcopy \
-	bindresvport_sa clock closefrom fchmod fchown freeaddrinfo futimes \
-	getaddrinfo getcwd getgrouplist getnameinfo getopt \
+	bindresvport_sa clock closefrom dirfd fchmod fchown freeaddrinfo \
+	futimes getaddrinfo getcwd getgrouplist getnameinfo getopt \
 	getpeereid _getpty getrlimit getttyent glob inet_aton \
 	inet_ntoa inet_ntop innetgr login_getcapbool md5_crypt memmove \
 	mkdtemp mmap ngetaddrinfo nsleep ogetaddrinfo openlog_r openpty \
--- a/openbsd-compat/Makefile.in
+++ b/openbsd-compat/Makefile.in
@ -1,4 +1,4 @@
-# $Id: Makefile.in,v 1.30 2004/01/21 06:07:23 djm Exp $
+# $Id: Makefile.in,v 1.31 2004/08/15 08:41:00 djm Exp $

 sysconfdir=@sysconfdir@
 piddir=@piddir@
@ -18,7 +18,7 @@ LDFLAGS=-L. @LDFLAGS@

 OPENBSD=base64.o basename.o bindresvport.o daemon.o dirname.o getcwd.o getgrouplist.o getopt.o getrrsetbyname.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o readpassphrase.o realpath.o rresvport.o setenv.o setproctitle.o sigact.o strlcat.o strlcpy.o strmode.o strsep.o strtoul.o vis.o

-COMPAT=bsd-arc4random.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-snprintf.o bsd-waitpid.o fake-rfc2553.o xmmap.o xcrypt.o
+COMPAT=bsd-arc4random.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-snprintf.o bsd-waitpid.o fake-rfc2553.o xmmap.o xcrypt.o

 PORTS=port-irix.o port-aix.o

--- a/openbsd-compat/bsd-closefrom.c
+++ b/openbsd-compat/bsd-closefrom.c
@ -0,0 +1,100 @@
+/*
+ * Copyright (c) 2004 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include "includes.h"
+
+#ifndef HAVE_CLOSEFROM
+
+#include <sys/types.h>
+#include <sys/param.h>
+#include <unistd.h>
+#include <stdio.h>
+#include <limits.h>
+#include <stdlib.h>
+#include <stddef.h>
+#ifdef HAVE_DIRENT_H
+# include <dirent.h>
+# define NAMLEN(dirent) strlen((dirent)->d_name)
+#else
+# define dirent direct
+# define NAMLEN(dirent) (dirent)->d_namlen
+# ifdef HAVE_SYS_NDIR_H
+#  include <sys/ndir.h>
+# endif
+# ifdef HAVE_SYS_DIR_H
+#  include <sys/dir.h>
+# endif
+# ifdef HAVE_NDIR_H
+#  include <ndir.h>
+# endif
+#endif
+
+#ifndef OPEN_MAX
+# define OPEN_MAX	256
+#endif
+
+RCSID("$Id: bsd-closefrom.c,v 1.1 2004/08/15 08:41:00 djm Exp $");
+
+#ifndef lint
+static const char sudorcsid[] = "$Sudo: closefrom.c,v 1.6 2004/06/01 20:51:56 millert Exp $";
+#endif /* lint */
+
+/*
+ * Close all file descriptors greater than or equal to lowfd.
+ */
+void
+closefrom(int lowfd)
+{
+    long fd, maxfd;
+#if defined(HAVE_DIRFD) && defined(HAVE_PROC_PID)
+    char fdpath[PATH_MAX], *endp;
+    struct dirent *dent;
+    DIR *dirp;
+    int len;
+
+    /* Check for a /proc/$$/fd directory. */
+    len = snprintf(fdpath, sizeof(fdpath), "/proc/%ld/fd", (long)getpid());
+    if (len != -1 && len <= sizeof(fdpath) && (dirp = opendir(fdpath))) {
+	while ((dent = readdir(dirp)) != NULL) {
+	    fd = strtol(dent->d_name, &endp, 10);
+	    if (dent->d_name != endp && *endp == '\0' &&
+		fd >= 0 && fd < INT_MAX && fd >= lowfd && fd != dirfd(dirp))
+		(void) close((int) fd);
+	}
+	(void) closedir(dirp);
+    } else
+#endif
+    {
+	/*
+	 * Fall back on sysconf() or getdtablesize().  We avoid checking
+	 * resource limits since it is possible to open a file descriptor
+	 * and then drop the rlimit such that it is below the open fd.
+	 */
+#ifdef HAVE_SYSCONF
+	maxfd = sysconf(_SC_OPEN_MAX);
+#else
+	maxfd = getdtablesize();
+#endif /* HAVE_SYSCONF */
+	if (maxfd < 0)
+	    maxfd = OPEN_MAX;
+
+	for (fd = lowfd; fd < maxfd; fd++)
+	    (void) close((int) fd);
+    }
+}
+
+#endif /* HAVE_CLOSEFROM */
+
--- a/openbsd-compat/bsd-misc.c
+++ b/openbsd-compat/bsd-misc.c
@ -1,3 +1,4 @@
+
 /*
 * Copyright (c) 1999-2004 Damien Miller <djm@mindrot.org>
 *
@ -17,7 +18,7 @@
 #include "includes.h"
 #include "xmalloc.h"

-RCSID("$Id: bsd-misc.c,v 1.24 2004/08/13 08:37:21 dtucker Exp $");
+RCSID("$Id: bsd-misc.c,v 1.25 2004/08/15 08:41:00 djm Exp $");

 #ifndef HAVE___PROGNAME
 char *__progname;
@ -196,22 +197,6 @@ tcsendbreak(int fd, int duration)
 }
 #endif /* HAVE_TCSENDBREAK */

-#ifndef HAVE_CLOSEFROM
-int
-closefrom(int fd)
-{
-	int i, result = 0, err = 0;
-
-	for (i = fd; i < 128; i++)
-		if (close(i) != 0) {
-			err = errno;
-			result = -1;
-		}
-	errno = err;
-	return result;
-}
-#endif /* HAVE_CLOSEFROM */
-
 mysig_t
 mysignal(int sig, mysig_t act)
 {
--- a/openbsd-compat/bsd-misc.h
+++ b/openbsd-compat/bsd-misc.h
@ -1,4 +1,4 @@
-/* $Id: bsd-misc.h,v 1.16 2004/06/25 04:03:34 dtucker Exp $ */
+/* $Id: bsd-misc.h,v 1.17 2004/08/15 08:41:00 djm Exp $ */

 /*
 * Copyright (c) 1999-2004 Damien Miller <djm@mindrot.org>
@ -93,10 +93,6 @@ int tcsendbreak(int, int);
 void unsetenv(const char *);
 #endif

-#ifndef HAVE_CLOSEFROM
-int closefrom(int);
-#endif
-
 /* wrapper for signal interface */
 typedef void (*mysig_t)(int);
 mysig_t mysignal(int sig, mysig_t act);
--- a/openbsd-compat/openbsd-compat.h
+++ b/openbsd-compat/openbsd-compat.h
@ -1,4 +1,4 @@
-/* $Id: openbsd-compat.h,v 1.25 2004/01/21 06:07:23 djm Exp $ */
+/* $Id: openbsd-compat.h,v 1.26 2004/08/15 08:41:00 djm Exp $ */

 /*
 * Copyright (c) 1999-2003 Damien Miller.  All rights reserved.
@ -48,6 +48,10 @@ char *basename(const char *path);
 int bindresvport_sa(int sd, struct sockaddr *sa);
 #endif

+#ifndef HAVE_CLOSEFROM
+void closefrom(int);
+#endif
+
 #ifndef HAVE_GETCWD
 char *getcwd(char *pt, size_t size);
 #endif