Editing: port-solaris.c
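/*
 * Copyright (c) 2006 Chad Mynhier.
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

#include "config.h"
#include "includes.h"

#ifdef USE_SOLARIS_PROCESS_CONTRACTS

#include <sys/types.h>
#include <sys/stat.h>
#include <sys/param.h>

#include <errno.h>
#ifdef HAVE_FCNTL_H
# include <fcntl.h>
#endif
#include <stdarg.h>
#include <string.h>
#include <unistd.h>

#include <libcontract.h>
#include <sys/contract/process.h>
#include <sys/ctfs.h>

#include "log.h"

#define CT_TEMPLATE	CTFS_ROOT "/process/template"
#define CT_LATEST	CTFS_ROOT "/process/latest"

/*
 * Descriptor of the process contract template opened by
 * solaris_contract_pre_fork(); -1 whenever no template is open.
 */
static int tmpl_fd = -1;

/*
 * Look up the id of the latest process contract by reading the status of
 * CT_LATEST.
 *
 * Returns the contract id, or a negative value on failure (the failure has
 * already been logged with error()).
 */
static ctid_t
get_active_process_contract_id(void)
{
	int stat_fd;
	ctid_t ctid = -1;
	ct_stathdl_t stathdl;

	if ((stat_fd = open64(CT_LATEST, O_RDONLY)) == -1) {
		error("%s: Error opening 'latest' process "
		    "contract: %s", __func__, strerror(errno));
		return -1;
	}
	if (ct_status_read(stat_fd, CTD_COMMON, &stathdl) != 0) {
		error("%s: Error reading process contract "
		    "status: %s", __func__, strerror(errno));
		goto out;
	}
	if ((ctid = ct_status_get_id(stathdl)) < 0) {
		error("%s: Error getting process contract id: %s",
		    __func__, strerror(errno));
	}
	/*
	 * The status handle was obtained successfully above, so release it
	 * on the id-lookup failure path as well as on success.
	 */
	ct_status_free(stathdl);
 out:
	close(stat_fd);
	return ctid;
}

/*
 * Open the process contract template, configure its parameter and event
 * sets, and activate it for this process.  Intended to be called before
 * fork(); the matching solaris_contract_post_fork_child() and
 * solaris_contract_post_fork_parent() clear the template again.
 *
 * On any failure the template descriptor is closed and tmpl_fd is reset
 * to -1; the error is logged and the function returns normally.
 */
void
solaris_contract_pre_fork(void)
{
	if ((tmpl_fd = open64(CT_TEMPLATE, O_RDWR)) == -1) {
		error("%s: open %s: %s", __func__,
		    CT_TEMPLATE, strerror(errno));
		return;
	}

	debug2("%s: setting up process contract template on fd %d",
	    __func__, tmpl_fd);

	/* First we set the template parameters and event sets. */
	if (ct_pr_tmpl_set_param(tmpl_fd, CT_PR_PGRPONLY) != 0) {
		error("%s: Error setting process contract parameter set "
		    "(pgrponly): %s", __func__, strerror(errno));
		goto fail;
	}
	if (ct_pr_tmpl_set_fatal(tmpl_fd, CT_PR_EV_HWERR) != 0) {
		error("%s: Error setting process contract template "
		    "fatal events: %s", __func__, strerror(errno));
		goto fail;
	}
	if (ct_tmpl_set_critical(tmpl_fd, 0) != 0) {
		error("%s: Error setting process contract template "
		    "critical events: %s", __func__, strerror(errno));
		goto fail;
	}
	if (ct_tmpl_set_informative(tmpl_fd, CT_PR_EV_HWERR) != 0) {
		error("%s: Error setting process contract template "
		    "informative events: %s", __func__, strerror(errno));
		goto fail;
	}

	/* Now make this the active template for this process. */
	if (ct_tmpl_activate(tmpl_fd) != 0) {
		error("%s: Error activating process contract "
		    "template: %s", __func__, strerror(errno));
		goto fail;
	}
	return;

 fail:
	if (tmpl_fd != -1) {
		close(tmpl_fd);
		tmpl_fd = -1;
	}
}

/*
 * Child-side cleanup after fork(): clear the active contract template and
 * close its descriptor.
 */
void
solaris_contract_post_fork_child(void)
{
	debug2("%s: clearing process contract template on fd %d",
	    __func__, tmpl_fd);

	/*
	 * If solaris_contract_pre_fork() failed there is no template to
	 * clear; bail out as the parent-side function does rather than
	 * calling ct_tmpl_clear()/close() on an invalid descriptor.
	 */
	if (tmpl_fd == -1)
		return;

	/* Clear the active template. */
	if (ct_tmpl_clear(tmpl_fd) != 0)
		error("%s: Error clearing active process contract "
		    "template: %s", __func__, strerror(errno));

	close(tmpl_fd);
	tmpl_fd = -1;
}

/*
 * Parent-side cleanup after fork(): clear the active contract template,
 * close its descriptor and, if the fork produced a child, abandon the
 * contract that was created for it.
 *
 * pid is the value returned by fork().
 */
void
solaris_contract_post_fork_parent(pid_t pid)
{
	ctid_t ctid;
	char ctl_path[256];
	int r, ctl_fd = -1;

	debug2("%s: clearing template (fd %d)", __func__, tmpl_fd);

	if (tmpl_fd == -1)
		return;

	/* First clear the active template. */
	if ((r = ct_tmpl_clear(tmpl_fd)) != 0)
		error("%s: Error clearing active process contract "
		    "template: %s", __func__, strerror(errno));

	close(tmpl_fd);
	tmpl_fd = -1;

	/*
	 * If either the fork didn't yield a child (pid <= 0), or clearing
	 * the active contract failed (r != 0), then we have nothing
	 * more to do.
	 */
	if (r != 0 || pid <= 0)
		return;

	/* Now lookup and abandon the contract we've created. */
	ctid = get_active_process_contract_id();
	if (ctid < 0) {
		/*
		 * The lookup failed and has already been logged; do not
		 * build a ctl path from an invalid contract id.
		 */
		return;
	}

	/* ctid_t's width is platform dependent; cast to match %ld. */
	debug2("%s: abandoning contract id %ld", __func__, (long)ctid);

	snprintf(ctl_path, sizeof(ctl_path),
	    CTFS_ROOT "/process/%ld/ctl", (long)ctid);
	if ((ctl_fd = open64(ctl_path, O_WRONLY)) < 0) {
		error("%s: Error opening process contract "
		    "ctl file: %s", __func__, strerror(errno));
		goto fail;
	}
	if (ct_ctl_abandon(ctl_fd) < 0) {
		error("%s: Error abandoning process contract: %s",
		    __func__, strerror(errno));
		goto fail;
	}
	close(ctl_fd);
	return;

 fail:
	/* tmpl_fd was already closed above; only ctl_fd can be open here. */
	if (ctl_fd != -1)
		close(ctl_fd);
}
#endif

#ifdef USE_SOLARIS_PROJECTS
#include <sys/task.h>
#include <project.h>

/*
 * Get/set solaris default project.
 * If we fail, just run along gracefully.
 *
 * pw identifies the user; pw->pw_name is used for both the project lookup
 * and the setproject() call.  Failures are only reported via debug().
 */
void
solaris_set_default_project(struct passwd *pw)
{
	struct project  *defaultproject;
	struct project   tempproject;
	char buf[1024];

	/* get default project, if we fail just return gracefully  */
	if ((defaultproject = getdefaultproj(pw->pw_name, &tempproject, buf,
	    sizeof(buf))) != NULL) {
		/* set default project */
		if (setproject(defaultproject->pj_name, pw->pw_name,
		    TASK_NORMAL) != 0)
			debug("setproject(%s): %s", defaultproject->pj_name,
			    strerror(errno));
	} else {
		/* debug on getdefaultproj() error */
		debug("getdefaultproj(%s): %s", pw->pw_name, strerror(errno));
	}
}
#endif /* USE_SOLARIS_PROJECTS */

#ifdef USE_SOLARIS_PRIVS
# ifdef HAVE_PRIV_H
#  include <priv.h>
# endif

/*
 * Allocate a privilege set holding the "basic" privileges.
 *
 * Returns the new set, which the caller releases with priv_freeset(), or
 * NULL on failure (already logged with error()).
 */
priv_set_t *
solaris_basic_privset(void)
{
	priv_set_t *pset;

#ifdef HAVE_PRIV_BASICSET
	if ((pset = priv_allocset()) == NULL) {
		error("priv_allocset: %s", strerror(errno));
		return NULL;
	}
	priv_basicset(pset);
#else
	if ((pset = priv_str_to_set("basic", ",", NULL)) == NULL) {
		error("priv_str_to_set: %s", strerror(errno));
		return NULL;
	}
#endif
	return pset;
}

/*
 * Reduce this process to the basic set plus the file DAC/chown/owner
 * privileges, minus FILE_LINK_ANY, NET_ACCESS (where defined), PROC_EXEC,
 * PROC_FORK, PROC_INFO and PROC_SESSION, intersected with what is
 * currently permitted.  The result is installed as the PERMITTED, LIMIT
 * and INHERITABLE sets.  Any failure is fatal: the process must not
 * continue with more privilege than intended.
 */
void
solaris_drop_privs_pinfo_net_fork_exec(void)
{
	priv_set_t *pset = NULL, *npset = NULL;

	/*
	 * Note: this variant avoids dropping DAC filesystem rights, in case
	 * the process calling it is running as root and should have the
	 * ability to read/write/chown any file on the system.
	 *
	 * We start with the basic set, then *add* the DAC rights to it while
	 * taking away other parts of BASIC we don't need. Then we intersect
	 * this with our existing PERMITTED set. In this way we keep any
	 * DAC rights we had before, while otherwise reducing ourselves to
	 * the minimum set of privileges we need to proceed.
	 *
	 * This also means we drop any other parts of "root" that we don't
	 * need (e.g. the ability to kill any process, create new device nodes
	 * etc etc).
	 */

	if ((pset = priv_allocset()) == NULL)
		fatal("priv_allocset: %s", strerror(errno));
	if ((npset = solaris_basic_privset()) == NULL)
		fatal("solaris_basic_privset: %s", strerror(errno));

	if (priv_addset(npset, PRIV_FILE_CHOWN) != 0 ||
	    priv_addset(npset, PRIV_FILE_DAC_READ) != 0 ||
	    priv_addset(npset, PRIV_FILE_DAC_SEARCH) != 0 ||
	    priv_addset(npset, PRIV_FILE_DAC_WRITE) != 0 ||
	    priv_addset(npset, PRIV_FILE_OWNER) != 0)
		fatal("priv_addset: %s", strerror(errno));

	if (priv_delset(npset, PRIV_FILE_LINK_ANY) != 0 ||
#ifdef PRIV_NET_ACCESS
	    priv_delset(npset, PRIV_NET_ACCESS) != 0 ||
#endif
	    priv_delset(npset, PRIV_PROC_EXEC) != 0 ||
	    priv_delset(npset, PRIV_PROC_FORK) != 0 ||
	    priv_delset(npset, PRIV_PROC_INFO) != 0 ||
	    priv_delset(npset, PRIV_PROC_SESSION) != 0)
		fatal("priv_delset: %s", strerror(errno));

	if (getppriv(PRIV_PERMITTED, pset) != 0)
		fatal("getppriv: %s", strerror(errno));

	/* The intersection is left in npset, which is what gets applied. */
	priv_intersect(pset, npset);

	/*
	 * NOTE(review): the effective set is not set explicitly here;
	 * presumably the kernel narrows it when PERMITTED shrinks --
	 * confirm against setppriv(2) for the target release.
	 */
	if (setppriv(PRIV_SET, PRIV_PERMITTED, npset) != 0 ||
	    setppriv(PRIV_SET, PRIV_LIMIT, npset) != 0 ||
	    setppriv(PRIV_SET, PRIV_INHERITABLE, npset) != 0)
		fatal("setppriv: %s", strerror(errno));

	priv_freeset(pset);
	priv_freeset(npset);
}

/*
 * Reduce this process to the basic set minus FILE_LINK_ANY, NET_ACCESS
 * (where defined), PROC_INFO and PROC_SESSION, installed as the PERMITTED,
 * LIMIT and INHERITABLE sets.  Unlike the *_fork_exec variant no DAC
 * privileges are added back and PROC_FORK/PROC_EXEC are retained.  Any
 * failure is fatal.
 */
void
solaris_drop_privs_root_pinfo_net(void)
{
	priv_set_t *pset = NULL;

	/* Start with "basic" and drop everything we don't need. */
	if ((pset = solaris_basic_privset()) == NULL)
		fatal("solaris_basic_privset: %s", strerror(errno));

	if (priv_delset(pset, PRIV_FILE_LINK_ANY) != 0 ||
#ifdef PRIV_NET_ACCESS
	    priv_delset(pset, PRIV_NET_ACCESS) != 0 ||
#endif
	    priv_delset(pset, PRIV_PROC_INFO) != 0 ||
	    priv_delset(pset, PRIV_PROC_SESSION) != 0)
		fatal("priv_delset: %s", strerror(errno));

	if (setppriv(PRIV_SET, PRIV_PERMITTED, pset) != 0 ||
	    setppriv(PRIV_SET, PRIV_LIMIT, pset) != 0 ||
	    setppriv(PRIV_SET, PRIV_INHERITABLE, pset) != 0)
		fatal("setppriv: %s", strerror(errno));

	priv_freeset(pset);
}

/*
 * Same reduction as solaris_drop_privs_root_pinfo_net(), additionally
 * removing PROC_EXEC.  Any failure is fatal.
 */
void
solaris_drop_privs_root_pinfo_net_exec(void)
{
	priv_set_t *pset = NULL;

	/* Start with "basic" and drop everything we don't need. */
	if ((pset = solaris_basic_privset()) == NULL)
		fatal("solaris_basic_privset: %s", strerror(errno));

	if (priv_delset(pset, PRIV_FILE_LINK_ANY) != 0 ||
#ifdef PRIV_NET_ACCESS
	    priv_delset(pset, PRIV_NET_ACCESS) != 0 ||
#endif
	    priv_delset(pset, PRIV_PROC_EXEC) != 0 ||
	    priv_delset(pset, PRIV_PROC_INFO) != 0 ||
	    priv_delset(pset, PRIV_PROC_SESSION) != 0)
		fatal("priv_delset: %s", strerror(errno));

	if (setppriv(PRIV_SET, PRIV_PERMITTED, pset) != 0 ||
	    setppriv(PRIV_SET, PRIV_LIMIT, pset) != 0 ||
	    setppriv(PRIV_SET, PRIV_INHERITABLE, pset) != 0)
		fatal("setppriv: %s", strerror(errno));

	priv_freeset(pset);
}

#endif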