diff --git a/ChangeLog b/ChangeLog index 632b41da0..67cc57cbd 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,9 @@ 20020714 - (tim) [Makefile.in] replace "id sshd" with "sshd -t" + - (bal/tim) [acconfig.h configure.ac monitor_mm.c servconf.c + openbsd-compat/Makefile.in] support compression on platforms that + have no/broken MAP_ANON. Moved code to openbsd-compat/xmmap.c + Based on patch from nalin@redhat.com of code extracted from Owl's package 20020712 - (tim) [Makefile.in] quiet down install-files: and check-user: @@ -1352,4 +1356,4 @@ - (stevesk) entropy.c: typo in debug message - (djm) ssh-keygen -i needs seeded RNG; report from markus@ -$Id: ChangeLog,v 1.2362 2002/07/14 17:02:20 tim Exp $ +$Id: ChangeLog,v 1.2363 2002/07/14 20:36:49 tim Exp $ diff --git a/acconfig.h b/acconfig.h index 147295510..f8fc650d7 100644 --- a/acconfig.h +++ b/acconfig.h @@ -1,4 +1,4 @@ -/* $Id: acconfig.h,v 1.143 2002/07/09 14:06:40 mouring Exp $ */ +/* $Id: acconfig.h,v 1.144 2002/07/14 20:36:50 tim Exp $ */ #ifndef _CONFIG_H #define _CONFIG_H @@ -358,9 +358,6 @@ /* Path that unprivileged child will chroot() to in privep mode */ #undef PRIVSEP_PATH -/* Define if you have the `mmap' function that supports MAP_ANON|SHARED */ -#undef HAVE_MMAP_ANON_SHARED - /* Define if your platform needs to skip post auth file descriptor passing */ #undef DISABLE_FD_PASSING diff --git a/configure.ac b/configure.ac index 0c60c5e61..1fb3056e6 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.78 2002/07/13 01:11:25 tim Exp $ +# $Id: configure.ac,v 1.79 2002/07/14 20:36:50 tim Exp $ AC_INIT AC_CONFIG_SRCDIR([ssh.c]) @@ -583,31 +583,6 @@ AC_CHECK_FUNCS(arc4random b64_ntop bcopy bindresvport_sa \ socketpair strerror strlcat strlcpy strmode strsep sysconf tcgetpgrp \ truncate utimes vhangup vsnprintf waitpid __b64_ntop _getpty) -if test $ac_cv_func_mmap = yes ; then -AC_MSG_CHECKING([for mmap anon shared]) -AC_TRY_RUN( - [ -#include -#include -#include -#if !defined(MAP_ANON) && defined(MAP_ANONYMOUS) -#define MAP_ANON MAP_ANONYMOUS -#endif -main() { char *p; -p = (char *) mmap(NULL, 10, PROT_WRITE|PROT_READ, MAP_ANON|MAP_SHARED, -1, 0); -if (p == (char *)-1) - exit(1); -exit(0); -} - ], - [ - AC_MSG_RESULT(yes) - AC_DEFINE(HAVE_MMAP_ANON_SHARED) - ], - [ AC_MSG_RESULT(no) ] -) -fi - dnl IRIX and Solaris 2.5.1 have dirname() in libgen AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[ AC_CHECK_LIB(gen, dirname,[ diff --git a/monitor_mm.c b/monitor_mm.c index f72a180ea..fb5f2c82c 100644 --- a/monitor_mm.c +++ b/monitor_mm.c @@ -91,15 +91,9 @@ mm_create(struct mm_master *mmalloc, size_t size) */ mm->mmalloc = mmalloc; -#ifdef HAVE_MMAP_ANON_SHARED - address = mmap(NULL, size, PROT_WRITE|PROT_READ, MAP_ANON|MAP_SHARED, - -1, 0); + address = xmmap(size); if (address == MAP_FAILED) fatal("mmap(%lu): %s", (u_long)size, strerror(errno)); -#else - fatal("%s: UsePrivilegeSeparation=yes and Compression=yes not supported", - __func__); -#endif mm->address = address; mm->size = size; @@ -137,7 +131,7 @@ mm_destroy(struct mm_master *mm) mm_freelist(mm->mmalloc, &mm->rb_free); mm_freelist(mm->mmalloc, &mm->rb_allocated); -#ifdef HAVE_MMAP_ANON_SHARED +#ifdef HAVE_MMAP if (munmap(mm->address, mm->size) == -1) fatal("munmap(%p, %lu): %s", mm->address, (u_long)mm->size, strerror(errno)); diff --git a/openbsd-compat/Makefile.in b/openbsd-compat/Makefile.in index 3e09cfefe..c365ae18f 100644 --- a/openbsd-compat/Makefile.in +++ b/openbsd-compat/Makefile.in @@ -1,4 +1,4 @@ -# $Id: Makefile.in,v 1.21 2002/02/19 20:27:57 mouring Exp $ +# $Id: Makefile.in,v 1.22 2002/07/14 20:36:51 tim Exp $ sysconfdir=@sysconfdir@ piddir=@piddir@ @@ -18,7 +18,7 @@ LDFLAGS=-L. @LDFLAGS@ OPENBSD=base64.o bindresvport.o daemon.o dirname.o getcwd.o getgrouplist.o getopt.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o readpassphrase.o realpath.o rresvport.o setenv.o setproctitle.o sigact.o strlcat.o strlcpy.o strmode.o strsep.o -COMPAT=bsd-arc4random.o bsd-cray.o bsd-cygwin_util.o bsd-misc.o bsd-nextstep.o bsd-snprintf.o bsd-waitpid.o fake-getaddrinfo.o fake-getnameinfo.o +COMPAT=bsd-arc4random.o bsd-cray.o bsd-cygwin_util.o bsd-misc.o bsd-nextstep.o bsd-snprintf.o bsd-waitpid.o fake-getaddrinfo.o fake-getnameinfo.o xmmap.o PORTS=port-irix.o port-aix.o diff --git a/openbsd-compat/xmmap.c b/openbsd-compat/xmmap.c new file mode 100644 index 000000000..a6b7d3bdf --- /dev/null +++ b/openbsd-compat/xmmap.c @@ -0,0 +1,65 @@ +/* + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include "includes.h" + +#ifdef HAVE_SYS_MMAN_H +#include +#endif + +void *xmmap(size_t size) +{ + void *address; + +#ifdef HAVE_MMAP +# ifdef MAP_ANON + address = mmap(NULL, size, PROT_WRITE|PROT_READ, MAP_ANON|MAP_SHARED, + -1, 0); +# else + address = mmap(NULL, size, PROT_WRITE|PROT_READ, MAP_SHARED, + open("/dev/zero", O_RDWR), 0); +# endif + +#define MM_SWAP_TEMPLATE "/var/run/sshd.mm.XXXXXXXX" + if (address == MAP_FAILED) { + char tmpname[sizeof(MM_SWAP_TEMPLATE)] = MM_SWAP_TEMPLATE; + int tmpfd; + + tmpfd = mkstemp(tmpname); + if (tmpfd == -1) + fatal("mkstemp(\"%s\"): %s", + MM_SWAP_TEMPLATE, strerror(errno)); + unlink(tmpname); + ftruncate(tmpfd, size); + address = mmap(NULL, size, PROT_WRITE|PROT_READ, MAP_SHARED, + tmpfd, 0); + close(tmpfd); + } + + return (address); +#else + fatal("%s: UsePrivilegeSeparation=yes and Compression=yes not supported", + __func__); +#endif /* HAVE_MMAP */ + +} + diff --git a/servconf.c b/servconf.c index f311ae48d..bdf39afb8 100644 --- a/servconf.c +++ b/servconf.c @@ -257,7 +257,7 @@ fill_default_server_options(ServerOptions *options) if (use_privsep == -1) use_privsep = 1; -#if !defined(HAVE_MMAP_ANON_SHARED) +#ifndef HAVE_MMAP if (use_privsep && options->compression == 1) { error("This platform does not support both privilege " "separation and compression");