From 181e6f32d9b92d1f51dd3acf2f5327aed13f5cf3 Mon Sep 17 00:00:00 2001
From: jbasney <jbasney>
Date: Tue, 6 Sep 2005 02:23:06 +0000
Subject: [PATCH 1/1] Initial revision

---
 openssh/openbsd-compat/openssl-compat.c |  46 ++++++++
 openssh/openbsd-compat/openssl-compat.h |  65 ++++++++++
 openssh/openbsd-compat/port-uw.c        | 134 +++++++++++++++++++++
 openssh/openbsd-compat/port-uw.h        |  30 +++++
 openssh/openbsd-compat/strtoll.c        | 151 ++++++++++++++++++++++++
 openssh/openbsd-compat/strtonum.c       |  69 +++++++++++
 6 files changed, 495 insertions(+)
 create mode 100644 openssh/openbsd-compat/openssl-compat.c
 create mode 100644 openssh/openbsd-compat/openssl-compat.h
 create mode 100644 openssh/openbsd-compat/port-uw.c
 create mode 100644 openssh/openbsd-compat/port-uw.h
 create mode 100644 openssh/openbsd-compat/strtoll.c
 create mode 100644 openssh/openbsd-compat/strtonum.c

diff --git a/openssh/openbsd-compat/openssl-compat.c b/openssh/openbsd-compat/openssl-compat.c
new file mode 100644
index 0000000..957be81
--- /dev/null
+++ b/openssh/openbsd-compat/openssl-compat.c
@@ -0,0 +1,46 @@
+/* $Id$ */
+
+/*
+ * Copyright (c) 2005 Darren Tucker <dtucker@zip.com.au>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF MIND, USE, DATA OR PROFITS, WHETHER
+ * IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
+ * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include "includes.h"
+
+#define SSH_DONT_REDEF_EVP
+#include "openssl-compat.h"
+
+#ifdef SSH_OLD_EVP
+int
+ssh_EVP_CipherInit(EVP_CIPHER_CTX *evp, const EVP_CIPHER *type,
+    unsigned char *key, unsigned char *iv, int enc)
+{
+	EVP_CipherInit(evp, type, key, iv, enc);
+	return 1;
+}
+
+int
+ssh_EVP_Cipher(EVP_CIPHER_CTX *evp, char *dst, char *src, int len)
+{
+	EVP_Cipher(evp, dst, src, len);
+	return 1;
+}
+
+int
+ssh_EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *evp)
+{
+	EVP_CIPHER_CTX_cleanup(evp);
+	return 1;
+}
+#endif
diff --git a/openssh/openbsd-compat/openssl-compat.h b/openssh/openbsd-compat/openssl-compat.h
new file mode 100644
index 0000000..eff0947
--- /dev/null
+++ b/openssh/openbsd-compat/openssl-compat.h
@@ -0,0 +1,65 @@
+/* $Id$ */
+
+/*
+ * Copyright (c) 2005 Darren Tucker <dtucker@zip.com.au>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF MIND, USE, DATA OR PROFITS, WHETHER
+ * IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
+ * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include "includes.h"
+#include <openssl/evp.h>
+
+#if OPENSSL_VERSION_NUMBER < 0x00906000L
+# define SSH_OLD_EVP
+# define EVP_CIPHER_CTX_get_app_data(e)		((e)->app_data)
+#endif
+
+#if OPENSSL_VERSION_NUMBER < 0x00907000L
+# define EVP_aes_128_cbc evp_rijndael
+# define EVP_aes_192_cbc evp_rijndael
+# define EVP_aes_256_cbc evp_rijndael
+extern const EVP_CIPHER *evp_rijndael(void);
+extern void ssh_rijndael_iv(EVP_CIPHER_CTX *, int, u_char *, u_int);
+#endif
+
+#if !defined(EVP_CTRL_SET_ACSS_MODE)
+# if (OPENSSL_VERSION_NUMBER >= 0x00907000L)
+#  define USE_CIPHER_ACSS 1
+extern const EVP_CIPHER *evp_acss(void);
+#  define EVP_acss evp_acss
+# else
+#  define EVP_acss NULL
+# endif
+#endif
+
+/*
+ * insert comment here
+ */
+#ifdef SSH_OLD_EVP
+
+# ifndef SSH_DONT_REDEF_EVP
+
+#  ifdef EVP_Cipher
+#   undef EVP_Cipher
+#  endif
+
+#  define EVP_CipherInit(a,b,c,d,e)	ssh_EVP_CipherInit((a),(b),(c),(d),(e))
+#  define EVP_Cipher(a,b,c,d)		ssh_EVP_Cipher((a),(b),(c),(d))
+#  define EVP_CIPHER_CTX_cleanup(a)	ssh_EVP_CIPHER_CTX_cleanup((a))
+# endif
+
+int ssh_EVP_CipherInit(EVP_CIPHER_CTX *, const EVP_CIPHER *, unsigned char *,
+    unsigned char *, int);
+int ssh_EVP_Cipher(EVP_CIPHER_CTX *, char *, char *, int);
+int ssh_EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *);
+#endif
diff --git a/openssh/openbsd-compat/port-uw.c b/openssh/openbsd-compat/port-uw.c
new file mode 100644
index 0000000..d881ff0
--- /dev/null
+++ b/openssh/openbsd-compat/port-uw.c
@@ -0,0 +1,134 @@
+/*
+ * Copyright (c) 2005 The SCO Group. All rights reserved.
+ * Copyright (c) 2005 Tim Rice. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "includes.h"
+
+#if defined(HAVE_LIBIAF)  &&  !defined(BROKEN_LIBIAF)
+#ifdef HAVE_CRYPT_H
+#include <crypt.h>
+#endif
+#include "packet.h"
+#include "buffer.h"
+#include "log.h"
+#include "servconf.h"
+#include "auth.h"
+#include "auth-options.h"
+
+int nischeck(char *);
+
+int
+sys_auth_passwd(Authctxt *authctxt, const char *password)
+{
+	struct passwd *pw = authctxt->pw;
+	char *encrypted_password;
+	char *salt;
+	int result;
+
+	/* Just use the supplied fake password if authctxt is invalid */
+	char *pw_password = authctxt->valid ? shadow_pw(pw) : pw->pw_passwd;
+
+	/* Check for users with no password. */
+	if (strcmp(pw_password, "") == 0 && strcmp(password, "") == 0)
+		return (1);
+
+	/* Encrypt the candidate password using the proper salt. */
+	salt = (pw_password[0] && pw_password[1]) ? pw_password : "xx";
+#ifdef UNIXWARE_LONG_PASSWORDS
+	if (!nischeck(pw->pw_name))
+		encrypted_password = bigcrypt(password, salt);
+	else
+#endif /* UNIXWARE_LONG_PASSWORDS */
+		encrypted_password = xcrypt(password, salt);
+
+	/*
+	 * Authentication is accepted if the encrypted passwords
+	 * are identical.
+	 */
+	result = (strcmp(encrypted_password, pw_password) == 0);
+
+	if (authctxt->valid)
+		free(pw_password);
+	return(result);
+}
+
+#ifdef UNIXWARE_LONG_PASSWORDS
+int
+nischeck(char *namep)
+{
+	char password_file[] = "/etc/passwd";
+	FILE *fd;
+	struct passwd *ent = NULL;
+
+	if ((fd = fopen (password_file, "r")) == NULL) {
+		/*
+		 * If the passwd file has dissapeared we are in a bad state.
+		 * However, returning 0 will send us back through the
+		 * authentication scheme that has checked the ia database for
+		 * passwords earlier.
+		 */
+		return(0);
+	}
+
+	/*
+	 * fgetpwent() only reads from password file, so we know for certain
+	 * that the user is local.
+	 */
+	while (ent = fgetpwent(fd)) {
+		if (strcmp (ent->pw_name, namep) == 0) {
+			/* Local user */
+			fclose (fd);
+			return(0);
+		}
+	}
+
+	fclose (fd);
+	return (1);
+}
+
+#endif /* UNIXWARE_LONG_PASSWORDS */
+
+/*
+	NOTE: ia_get_logpwd() allocates memory for arg 2
+	functions that call shadow_pw() will need to free
+ */
+
+char *
+get_iaf_password(struct passwd *pw)
+{
+	char *pw_password = NULL;
+
+	uinfo_t uinfo;
+	if (!ia_openinfo(pw->pw_name,&uinfo)) {
+		ia_get_logpwd(uinfo, &pw_password);
+		if (pw_password == NULL)
+			fatal("ia_get_logpwd: Unable to get the shadow passwd");
+		ia_closeinfo(uinfo);
+	 	return pw_password;
+	}
+	else
+		fatal("ia_openinfo: Unable to open the shadow passwd file");
+}
+#endif /* HAVE_LIBIAF  && !BROKEN_LIBIAF */
+
diff --git a/openssh/openbsd-compat/port-uw.h b/openssh/openbsd-compat/port-uw.h
new file mode 100644
index 0000000..3589b2e
--- /dev/null
+++ b/openssh/openbsd-compat/port-uw.h
@@ -0,0 +1,30 @@
+/*
+ * Copyright (c) 2005 Tim Rice.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "includes.h"
+
+#if defined(HAVE_LIBIAF)  &&  !defined(BROKEN_LIBIAF)
+char * get_iaf_password(struct passwd *pw);
+#endif
+
diff --git a/openssh/openbsd-compat/strtoll.c b/openssh/openbsd-compat/strtoll.c
new file mode 100644
index 0000000..60c276f
--- /dev/null
+++ b/openssh/openbsd-compat/strtoll.c
@@ -0,0 +1,151 @@
+/* OPENBSD ORIGINAL: lib/libc/stdlib/strtoll.c */
+
+/*-
+ * Copyright (c) 1992 The Regents of the University of California.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "includes.h"
+#ifndef HAVE_STRTOLL
+
+#if defined(LIBC_SCCS) && !defined(lint)
+static const char rcsid[] = "$OpenBSD: strtoll.c,v 1.4 2005/03/30 18:51:49 pat Exp $";
+#endif /* LIBC_SCCS and not lint */
+
+#include <sys/types.h>
+
+#include <ctype.h>
+#include <errno.h>
+#include <limits.h>
+#include <stdlib.h>
+
+/*
+ * Convert a string to a long long.
+ *
+ * Ignores `locale' stuff.  Assumes that the upper and lower case
+ * alphabets and digits are each contiguous.
+ */
+long long
+strtoll(const char *nptr, char **endptr, int base)
+{
+	const char *s;
+	long long acc, cutoff;
+	int c;
+	int neg, any, cutlim;
+
+	/*
+	 * Skip white space and pick up leading +/- sign if any.
+	 * If base is 0, allow 0x for hex and 0 for octal, else
+	 * assume decimal; if base is already 16, allow 0x.
+	 */
+	s = nptr;
+	do {
+		c = (unsigned char) *s++;
+	} while (isspace(c));
+	if (c == '-') {
+		neg = 1;
+		c = *s++;
+	} else {
+		neg = 0;
+		if (c == '+')
+			c = *s++;
+	}
+	if ((base == 0 || base == 16) &&
+	    c == '0' && (*s == 'x' || *s == 'X')) {
+		c = s[1];
+		s += 2;
+		base = 16;
+	}
+	if (base == 0)
+		base = c == '0' ? 8 : 10;
+
+	/*
+	 * Compute the cutoff value between legal numbers and illegal
+	 * numbers.  That is the largest legal value, divided by the
+	 * base.  An input number that is greater than this value, if
+	 * followed by a legal input character, is too big.  One that
+	 * is equal to this value may be valid or not; the limit
+	 * between valid and invalid numbers is then based on the last
+	 * digit.  For instance, if the range for long longs is
+	 * [-9223372036854775808..9223372036854775807] and the input base
+	 * is 10, cutoff will be set to 922337203685477580 and cutlim to
+	 * either 7 (neg==0) or 8 (neg==1), meaning that if we have
+	 * accumulated a value > 922337203685477580, or equal but the
+	 * next digit is > 7 (or 8), the number is too big, and we will
+	 * return a range error.
+	 *
+	 * Set any if any `digits' consumed; make it negative to indicate
+	 * overflow.
+	 */
+	cutoff = neg ? LLONG_MIN : LLONG_MAX;
+	cutlim = cutoff % base;
+	cutoff /= base;
+	if (neg) {
+		if (cutlim > 0) {
+			cutlim -= base;
+			cutoff += 1;
+		}
+		cutlim = -cutlim;
+	}
+	for (acc = 0, any = 0;; c = (unsigned char) *s++) {
+		if (isdigit(c))
+			c -= '0';
+		else if (isalpha(c))
+			c -= isupper(c) ? 'A' - 10 : 'a' - 10;
+		else
+			break;
+		if (c >= base)
+			break;
+		if (any < 0)
+			continue;
+		if (neg) {
+			if (acc < cutoff || (acc == cutoff && c > cutlim)) {
+				any = -1;
+				acc = LLONG_MIN;
+				errno = ERANGE;
+			} else {
+				any = 1;
+				acc *= base;
+				acc -= c;
+			}
+		} else {
+			if (acc > cutoff || (acc == cutoff && c > cutlim)) {
+				any = -1;
+				acc = LLONG_MAX;
+				errno = ERANGE;
+			} else {
+				any = 1;
+				acc *= base;
+				acc += c;
+			}
+		}
+	}
+	if (endptr != 0)
+		*endptr = (char *) (any ? s - 1 : nptr);
+	return (acc);
+}
+#endif /* HAVE_STRTOLL */
diff --git a/openssh/openbsd-compat/strtonum.c b/openssh/openbsd-compat/strtonum.c
new file mode 100644
index 0000000..b681ed8
--- /dev/null
+++ b/openssh/openbsd-compat/strtonum.c
@@ -0,0 +1,69 @@
+/* OPENBSD ORIGINAL: lib/libc/stdlib/strtonum.c */
+
+/*	$OpenBSD: strtonum.c,v 1.6 2004/08/03 19:38:01 millert Exp $	*/
+
+/*
+ * Copyright (c) 2004 Ted Unangst and Todd Miller
+ * All rights reserved.
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include "includes.h"
+#ifndef HAVE_STRTONUM
+#include <limits.h>
+
+#define INVALID 	1
+#define TOOSMALL 	2
+#define TOOLARGE 	3
+
+long long
+strtonum(const char *numstr, long long minval, long long maxval,
+    const char **errstrp)
+{
+	long long ll = 0;
+	char *ep;
+	int error = 0;
+	struct errval {
+		const char *errstr;
+		int err;
+	} ev[4] = {
+		{ NULL,		0 },
+		{ "invalid",	EINVAL },
+		{ "too small",	ERANGE },
+		{ "too large",	ERANGE },
+	};
+
+	ev[0].err = errno;
+	errno = 0;
+	if (minval > maxval)
+		error = INVALID;
+	else {
+		ll = strtoll(numstr, &ep, 10);
+		if (numstr == ep || *ep != '\0')
+			error = INVALID;
+		else if ((ll == LLONG_MIN && errno == ERANGE) || ll < minval)
+			error = TOOSMALL;
+		else if ((ll == LLONG_MAX && errno == ERANGE) || ll > maxval)
+			error = TOOLARGE;
+	}
+	if (errstrp != NULL)
+		*errstrp = ev[error].errstr;
+	errno = ev[error].err;
+	if (error)
+		ll = 0;
+
+	return (ll);
+}
+
+#endif /* HAVE_STRTONUM */
-- 
2.45.2