OpenSSH 3.5p1 port

Andreas_Schneider · March 7, 2003, 10:52am

Hi!

I have ported the new version 3.5p1 of OpenSSH to QNX 4; most changes
are similar to my port of version 3.0.2p1. For compilation you need the
files qnx4.c and qsetlogin.c I posted for that version as well.

I couldn’t get privilege separation working, you have to turn it off
for now. If you know how to solve this problem, please let me know.

Andreas

diff -rnu openssh-3.5p1.orig/includes.h openssh-3.5p1.qnx/includes.h
— openssh-3.5p1.orig/includes.h Thu Sep 26 02:38:48 2002
+++ openssh-3.5p1.qnx/includes.h Sun Dec 22 13:41:14 2002
@@ -104,7 +104,9 @@
#ifdef HAVE_SYS_TIME_H

include <sys/time.h> /* For timersub */

#endif
+#if !defined(QNX) || defined(QNXNTO)
#include <sys/resource.h>
+#endif /* !QNX || QNXNTO */
#ifdef HAVE_SYS_SELECT_H

include <sys/select.h>

#endif
diff -rnu openssh-3.5p1.orig/loginrec.c openssh-3.5p1.qnx/loginrec.c
— openssh-3.5p1.orig/loginrec.c Thu Sep 26 02:38:49 2002
+++ openssh-3.5p1.qnx/loginrec.c Sun Dec 22 14:19:37 2002
@@ -791,12 +791,17 @@
}
#else /* FIXME */

#if defined(QNX) && !defined(QNXNTO)
tty = 1;
#else
tty = ttyslot(); /* seems only to work for /dev/ttyp? style names */
#endif /* !QNX || QNXNTO */

#endif /* HAVE_GETTTYENT */

if (tty > 0 && (fd = open(UTMP_FILE, O_RDWR|O_CREAT, 0644)) >= 0) {
(void)lseek(fd, (off_t)(tty * sizeof(struct utmp)), SEEK_SET);
+#ifdef HAVE_HOST_IN_UTMP
/*

Prevent luser from zero’ing out ut_host.
If the new ut_line is empty but the old one is not
@@ -808,6 +813,7 @@
(strncmp(old_ut.ut_name, ut->ut_name, sizeof(ut->ut_name)) == 0)) {
(void)memcpy(ut->ut_host, old_ut.ut_host, sizeof(ut->ut_host));
}
+#endif /* HAVE_HOST_IN_UTMP */

(void)lseek(fd, (off_t)(tty * sizeof(struct utmp)), SEEK_SET);
if (atomicio(write, fd, ut, sizeof(*ut)) != sizeof(*ut))
diff -rnu openssh-3.5p1.orig/rijndael.c openssh-3.5p1.qnx/rijndael.c
— openssh-3.5p1.orig/rijndael.c Thu Jul 11 06:01:29 2002
+++ openssh-3.5p1.qnx/rijndael.c Sun Dec 22 13:43:27 2002
@@ -855,7 +855,7 @@
return Nr;
}

-static void rijndaelEncrypt(const u32 rk[/4(Nr + 1)/], int Nr, const u8 pt[16], u8 ct[16]) {
+static void rijndaelEncrypt(u32 rk[/4(Nr + 1)/], int Nr, const u8 pt[16], u8 ct[16]) {
u32 s0, s1, s2, s3, t0, t1, t2, t3;
#ifndef FULL_UNROLL
int r;
@@ -1036,7 +1036,7 @@
PUTU32(ct + 12, s3);
}

-static void rijndaelDecrypt(const u32 rk[/4(Nr + 1)/], int Nr, const u8 ct[16], u8 pt[16]) {
+static void rijndaelDecrypt(u32 rk[/4(Nr + 1)/], int Nr, const u8 ct[16], u8 pt[16]) {
u32 s0, s1, s2, s3, t0, t1, t2, t3;
#ifndef FULL_UNROLL
int r;
diff -rnu openssh-3.5p1.orig/scp.c openssh-3.5p1.qnx/scp.c
— openssh-3.5p1.orig/scp.c Fri Jun 21 02:41:52 2002
+++ openssh-3.5p1.qnx/scp.c Sun Dec 22 16:03:53 2002
@@ -630,7 +630,11 @@
return;
}
while ((dp = readdir(dirp)) != NULL) {
+#if defined(QNX) && !defined(QNXNTO)

  if (dp->d_stat.st_ino == 0) /* other naming under QNX 4 */

+#else /* !QNX || QNXNTO /
if (dp->d_ino == 0)
+#endif / !QNX || QNXNTO */
continue;
if (!strcmp(dp->d_name, “.”) || !strcmp(dp->d_name, “…”))
continue;
diff -rnu openssh-3.5p1.orig/servconf.c openssh-3.5p1.qnx/servconf.c
— openssh-3.5p1.orig/servconf.c Thu Sep 5 06:35:15 2002
+++ openssh-3.5p1.qnx/servconf.c Sun Dec 22 14:52:42 2002
@@ -738,25 +738,31 @@
goto parse_flag;

case sLogFacility:

  intptr = (int *) &options->log_facility;

```
  {
```
```
  SyslogFacility *sptr;
```

  sptr = (SyslogFacility *) &options->log_facility;

arg = strdelim(&cp);
value = log_facility_number(arg);
if (value == SYSLOG_FACILITY_NOT_SET)
fatal("%.200s line %d: unsupported log facility ‘%s’",
filename, linenum, arg ? arg : “”);

```
  if (*intptr == -1)
```
```
  	*intptr = (SyslogFacility) value;
```

```
  if (*sptr == -1)
```
```
  	*sptr = (SyslogFacility) value;
```
```
  }
```

break;

case sLogLevel:

  intptr = (int *) &options->log_level;

```
  {
```
```
  LogLevel *lptr;
```

  lptr = (LogLevel *) &options->log_level;

arg = strdelim(&cp);
value = log_level_number(arg);
if (value == SYSLOG_LEVEL_NOT_SET)
fatal("%.200s line %d: unsupported log level ‘%s’",
filename, linenum, arg ? arg : “”);

```
  if (*intptr == -1)
```
```
  	*intptr = (LogLevel) value;
```

```
  if (*lptr == -1)
```
```
  	*lptr = (LogLevel) value;
```
```
  }
```

break;

case sAllowTcpForwarding:
diff -rnu openssh-3.5p1.orig/session.c openssh-3.5p1.qnx/session.c
— openssh-3.5p1.orig/session.c Thu Sep 26 02:38:50 2002
+++ openssh-3.5p1.qnx/session.c Sun Dec 22 18:11:03 2002
@@ -595,7 +595,7 @@
close(ptyfd);

/* Make the pseudo tty our controlling tty. */

  pty_make_controlling_tty(&ttyfd, s->tty);

  pty_make_controlling_tty(&ttyfd, s->tty, s->pw->pw_name);

/* Redirect stdin/stdout/stderr from the pseudo tty. */
if (dup2(ttyfd, 0) < 0)
@@ -1219,7 +1219,11 @@
error(“setluid: %s”, strerror(errno));

endif /* defined(HAVE_GETLUID) && defined(HAVE_SETLUID) */

+#if defined(QNX) && !defined(QNXNTO)

  if (qsetlogin(pw->pw_name, ttyname) < 0)

+#else /* !QNX || QNXNTO /
if (setlogin(pw->pw_name) < 0)
+#endif / !QNX || QNXNTO /
error(“setlogin failed: %s”, strerror(errno));
if (setgid(pw->pw_gid) < 0) {
perror(“setgid”);
diff -rnu openssh-3.5p1.orig/sshd.c openssh-3.5p1.qnx/sshd.c
— openssh-3.5p1.orig/sshd.c Mon Sep 30 03:59:23 2002
+++ openssh-3.5p1.qnx/sshd.c Sun Dec 22 14:27:15 2002
@@ -570,8 +570,10 @@
gidset[0] = pw->pw_gid;
if (setgid(pw->pw_gid) < 0)
fatal(“setgid failed for %u”, pw->pw_gid );
+#if !defined(QNX) || defined(QNXNTO)
if (setgroups(1, gidset) < 0)
fatal(“setgroups: %.100s”, strerror(errno));
+#endif / !QNX || QNXNTO */
permanently_set_uid(pw);
#endif
}
@@ -1073,8 +1075,10 @@

to create a file, and we can’t control the code in every
module which might be used).
/
+#if !defined(QNX) || defined(QNXNTO)
if (setgroups(0, NULL) < 0)
debug(“setgroups() failed: %.200s”, strerror(errno));
+#endif / !QNX || QNXNTO */

/* Initialize the log (it is reinitialized below in case we forked). */
if (debug_flag && !inetd_flag)
diff -rnu openssh-3.5p1.orig/sshpty.c openssh-3.5p1.qnx/sshpty.c
— openssh-3.5p1.orig/sshpty.c Thu Sep 26 02:38:50 2002
+++ openssh-3.5p1.qnx/sshpty.c Sun Dec 22 18:16:32 2002
@@ -228,6 +228,9 @@
if (tcgetattr(ptyfd, &tio) < 0)
log(“Getting tty modes for pty failed: %.100s”, strerror(errno));
else {
+#ifndef ONLCR
+#define ONLCR 0
+#endif / ONLCR /
tio.c_lflag |= (ECHO | ISIG | ICANON);
tio.c_oflag |= (OPOST | ONLCR);
tio.c_iflag |= ICRNL;
@@ -261,7 +264,7 @@
/ Makes the tty the processes controlling tty and sets it to sane modes. */

void
-pty_make_controlling_tty(int *ttyfd, const char *ttyname)
+pty_make_controlling_tty(int *ttyfd, const char *ttyname, const char *loginname)
{
int fd;
#ifdef USE_VHANGUP
@@ -272,6 +275,10 @@
if (setsid() < 0)
error(“setsid: %.100s”, strerror(errno));

+#if defined(QNX) && !defined(QNXNTO)

qsetlogin(loginname,ttyname);
+#endif /* QNX && !QNXNTO */

fd = open(ttyname, O_RDWR|O_NOCTTY);
if (fd != -1) {
mysignal(SIGHUP, SIG_IGN);
@@ -302,6 +309,10 @@
#endif /* TIOCNOTTY */
if (setsid() < 0)
error(“setsid: %.100s”, strerror(errno));
+
+#if defined(QNX) && !defined(QNXNTO)

qsetlogin(loginname,ttyname);
+#endif /* QNX && !QNXNTO */

/*

Verify that we are successfully disconnected from the controlling
diff -rnu openssh-3.5p1.orig/sshpty.h openssh-3.5p1.qnx/sshpty.h
— openssh-3.5p1.orig/sshpty.h Tue Mar 5 02:53:05 2002
+++ openssh-3.5p1.qnx/sshpty.h Sun Dec 22 18:09:00 2002
@@ -19,8 +19,8 @@

int pty_allocate(int *, int *, char *, int);
void pty_release(const char *);
-void pty_make_controlling_tty(int *, const char *);
+void pty_make_controlling_tty(int *, const char *, const char *);
void pty_change_window_size(int, int, int, int, int);
void pty_setowner(struct passwd *, const char *);

#endif /* SSHPTY_H */
diff -rnu openssh-3.5p1.orig/sshtty.c openssh-3.5p1.qnx/sshtty.c
— openssh-3.5p1.orig/sshtty.c Tue Mar 5 02:53:05 2002
+++ openssh-3.5p1.qnx/sshtty.c Sun Dec 22 14:11:21 2002
@@ -77,7 +77,12 @@
perror(“tcgetattr”);
return;
}
+#if defined(QNX) && !defined(QNXNTO)

memcpy( &_saved_tio, &tio, sizeof(tio) );
#define IXANY 0 /* not available under QNX /
+#else / !QNX || QNXNTO /
_saved_tio = tio;
+#endif / !QNX || QNXNTO /
tio.c_iflag |= IGNPAR;
tio.c_iflag &= ~(ISTRIP | INLCR | IGNCR | ICRNL | IXON | IXANY | IXOFF);
tio.c_lflag &= ~(ISIG | ICANON | ECHO | ECHOE | ECHOK | ECHONL);
diff -rnu openssh-3.5p1.orig/ttymodes.h openssh-3.5p1.qnx/ttymodes.h
— openssh-3.5p1.orig/ttymodes.h Wed Jun 12 19:32:31 2002
+++ openssh-3.5p1.qnx/ttymodes.h Sun Dec 22 14:13:30 2002
@@ -122,7 +122,9 @@
TTYMODE(IUCLC, c_iflag, 37)
#endif
TTYMODE(IXON, c_iflag, 38)
+#ifdef IXANY
TTYMODE(IXANY, c_iflag, 39)
+#endif / IXANY /
TTYMODE(IXOFF, c_iflag, 40)
#ifdef IMAXBEL
TTYMODE(IMAXBEL,c_iflag, 41)
diff -rnu openssh-3.5p1.orig/uidswap.c openssh-3.5p1.qnx/uidswap.c
— openssh-3.5p1.orig/uidswap.c Tue Jul 30 21:32:07 2002
+++ openssh-3.5p1.qnx/uidswap.c Sun Dec 22 14:24:04 2002
@@ -81,9 +81,11 @@
if (user_groupslen < 0)
fatal(“getgroups: %.100s”, strerror(errno));
}
+#if !defined(QNX) || defined(QNXNTO)
/ Set the effective uid to the given (unprivileged) uid. /
if (setgroups(user_groupslen, user_groups) < 0)
fatal(“setgroups: %.100s”, strerror(errno));
+#endif / !QNX || QNXNTO /
#ifndef SAVED_IDS_WORK_WITH_SETEUID
/ Propagate the privileged gid to all of our gids. /
if (setgid(getegid()) < 0)
@@ -131,8 +133,10 @@
setgid(getgid());
#endif / SAVED_IDS_WORK_WITH_SETEUID */

+#if !defined(QNX) || defined(QNXNTO)
if (setgroups(saved_egroupslen, saved_egroups) < 0)
fatal(“setgroups: %.100s”, strerror(errno));
+#endif /* !QNX || QNXNTO */
temporarily_use_uid_effective = 0;
}

diff -rnu openssh-3.5p1.orig/openbsd-compat/bsd-snprintf.c openssh-3.5p1.qnx/openbsd-compat/bsd-snprintf.c
— openssh-3.5p1.orig/openbsd-compat/bsd-snprintf.c Mon Feb 26 00:20:41 2001
+++ openssh-3.5p1.qnx/openbsd-compat/bsd-snprintf.c Sun Dec 22 14:08:40 2002
@@ -60,6 +60,10 @@

#if !defined(HAVE_SNPRINTF) || !defined(HAVE_VSNPRINTF)

+#if !defined(QNX) || defined(QNXNTO)
+#define HAVE_LONG_LONG
+#endif /* !QNX || QNXNTO */
+
static void
dopr(char *buffer, size_t maxlen, const char *format, va_list args);

@@ -207,12 +211,18 @@
cflags = DP_C_LONG;
ch = format++;
if (ch == ‘l’) {
+#ifdef HAVE_LONG_LONG
cflags = DP_C_LONG_LONG;
+#endif / HAVE_LONG_LONG */
ch = format++;
}
break;
case ‘q’:
+#ifdef HAVE_LONG_LONG
cflags = DP_C_LONG_LONG;
+#else / !HAVE_LONG_LONG */

```
  				cflags = DP_C_LONG;
```

+#endif /* !HAVE_LONG_LONG */
ch = format++;
break;
case ‘L’:
@@ -232,8 +242,10 @@
value = va_arg(args, int);
else if (cflags == DP_C_LONG)
value = va_arg(args, long int);
+#ifdef HAVE_LONG_LONG
else if (cflags == DP_C_LONG_LONG)
value = va_arg (args, long long);
+#endif / HAVE_LONG_LONG /
else
value = va_arg (args, int);
fmtint(buffer, &currlen, maxlen, value, 10, min, max, flags);
@@ -244,8 +256,10 @@
value = va_arg(args, unsigned int);
else if (cflags == DP_C_LONG)
value = va_arg(args, unsigned long int);
+#ifdef HAVE_LONG_LONG
else if (cflags == DP_C_LONG_LONG)
value = va_arg(args, unsigned long long);
+#endif / HAVE_LONG_LONG /
else
value = va_arg(args, unsigned int);
fmtint(buffer, &currlen, maxlen, value, 8, min, max, flags);
@@ -256,8 +270,10 @@
value = va_arg(args, unsigned int);
else if (cflags == DP_C_LONG)
value = va_arg(args, unsigned long int);
+#ifdef HAVE_LONG_LONG
else if (cflags == DP_C_LONG_LONG)
value = va_arg(args, unsigned long long);
+#endif / HAVE_LONG_LONG /
else
value = va_arg(args, unsigned int);
fmtint (buffer, &currlen, maxlen, value, 10, min, max, flags);
@@ -270,8 +286,10 @@
value = va_arg(args, unsigned int);
else if (cflags == DP_C_LONG)
value = va_arg(args, unsigned long int);
+#ifdef HAVE_LONG_LONG
else if (cflags == DP_C_LONG_LONG)
value = va_arg(args, unsigned long long);
+#endif / HAVE_LONG_LONG */
else
value = va_arg(args, unsigned int);
fmtint(buffer, &currlen, maxlen, value, 16, min, max, flags);
@@ -322,10 +340,12 @@
long int *num;
num = va_arg(args, long int *);
*num = currlen;
+#ifdef HAVE_LONG_LONG
} else if (cflags == DP_C_LONG_LONG) {
long long *num;
num = va_arg(args, long long *);
num = currlen;
+#endif / HAVE_LONG_LONG */
} else {
int *num;
num = va_arg(args, int *);

Tony_Williams1 · March 7, 2003, 6:35pm

Hi Andreas,

Were you able to port sftp too? I was told the sftp that comes with
OpenSSH required 64-bit integer support and the Watcom complier does not
support that.

Thanks,
Tony

Andreas Schneider wrote:

Hi!

I have ported the new version 3.5p1 of OpenSSH to QNX 4; most changes
are similar to my port of version 3.0.2p1. For compilation you need the
files qnx4.c and qsetlogin.c I posted for that version as well.

I couldn’t get privilege separation working, you have to turn it off
for now. If you know how to solve this problem, please let me know.

Andreas

Andreas_Schneider · March 12, 2003, 7:05pm

Hi Tony!

Tony Williams <tony@ctcqnx4.ctg.cummins.com> wrote:

Were you able to port sftp too? I was told the sftp that comes with
OpenSSH required 64-bit integer support and the Watcom complier does not
support that.

No, I didn’t port sftp. The configuration script disables it because the
(Watcom) compiler doesn’t support 64-bit integer, as you already said.

Andreas