- (djm) Fix pam sprintf fix
authordjm <djm>
Sun, 9 Jul 2000 12:42:32 +0000 (12:42 +0000)
committerdjm <djm>
Sun, 9 Jul 2000 12:42:32 +0000 (12:42 +0000)
 - (djm) Cleanup entropy collection code a little more. Split initialisation
   from seeding, perform initialisation immediately at start, be careful with
   uids. Based on problem report from Jim Watt <jimw@peisj.pebio.com>

ChangeLog
auth-pam.c
entropy.c
entropy.h
ssh-add.c
ssh-agent.c
ssh-keygen.c
ssh.c
sshd.c

index 20831f2e336565bb03ff167382839f59dc780a5e..88ae8b4add4f0c535015490b8e0c371b162b2c1e 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -7,6 +7,10 @@
    builds. Problem report from Gregory Leblanc <GLeblanc@cu-portland.edu>
  - (djm) Replace ut_name with ut_user. Patch from Jim Watt
    <jimw@peisj.pebio.com>
+ - (djm) Fix pam sprintf fix
+ - (djm) Cleanup entropy collection code a little more. Split initialisation
+   from seeding, perform intialisation immediatly at start, be careful with
+   uids. Based on problem report from Jim Watt <jimw@peisj.pebio.com>
 
 20000708
  - (djm) Fix bad fprintf format handling in auth-pam.c. Patch from 
index c66241dc84cd8b2d25dfbefb1fc9f99be994ea5c..2eebf13ba70abddc0332a3cd263c4f3d89c67475 100644 (file)
@@ -279,7 +279,7 @@ char **fetch_pam_environment(void)
 void print_pam_messages(void)
 {
        if (pam_msg != NULL)
-               fputs(stderr, pam_msg);
+               fputs(pam_msg, stderr);
 }
 
 /* Append a message to the PAM message buffer */
index 1857e7c833b22f11cb8dfab65496be35a45b1da4..84b1dd1d951d2fd908839db00e0e96c3855153d3 100644 (file)
--- a/entropy.c
+++ b/entropy.c
@@ -168,6 +168,9 @@ seed_rng(void)
        memset(buf, '\0', sizeof(buf));
 }
 
+/* No-op */
+void init_rng(void) {}
+
 #else /* defined(EGD_SOCKET) || defined(RANDOM_POOL) */
 
 /* 
@@ -180,9 +183,9 @@ seed_rng(void)
 /* static int entropy_timeout_default = ENTROPY_TIMEOUT_MSEC; */
 static int entropy_timeout_current = ENTROPY_TIMEOUT_MSEC;
 
-static int prng_seed_loaded = 0;
 static int prng_seed_saved = 0;
-static int prng_commands_loaded = 0;
+static int prng_initialised = 0;
+uid_t original_uid;
 
 typedef struct
 {
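Review bot: `uid_t original_uid;` is declared without `static`, unlike the `prng_seed_saved` and `prng_initialised` flags beside it, so it becomes an external symbol with a fairly generic name. Every use visible in this commit is inside entropy.c, so `static uid_t original_uid;` would keep it file-local. A one-line comment such as `/* real uid recorded by init_rng(); used for seedfile ownership checks and setuid() */` would also help, because this value gates both a permission check and privilege changes.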
@@ -395,10 +398,10 @@ hash_output_from_command(entropy_source_t *src, char *hash)
                        close(p[1]);
                        close(devnull);
 
+                       setuid(original_uid);
                        execv(src->path, (char**)(src->args));
                        debug("(child) Couldn't exec '%s': %s", src->cmdstring,
                              strerror(errno));
-                       src->badness = src->sticky_badness = 128;
                        _exit(-1);
                default: /* Parent */
                        break;
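Review bot: The return value of the added `setuid(original_uid);` is ignored, so if the call fails the child still goes on to `execv()` the entropy command with whatever privileges the parent held. Check it and bail out, e.g. `if (setuid(original_uid) == -1) { debug("(child) setuid failed: %s", strerror(errno)); _exit(-1); }`. The same unchecked call is added at the top of prng_write_seedfile() in a later hunk of this file. Whether group ids also need resetting cannot be judged from here, since hash_output_from_command() starts and ends outside the hunk.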
@@ -432,38 +435,36 @@ hash_output_from_command(entropy_source_t *src, char *hash)
 
                ret = select(p[0]+1, &rdset, NULL, NULL, &tv);
 
+               RAND_add(&tv, sizeof(tv), 0.0);
+
                switch (ret) {
                case 0:
                        /* timer expired */
                        error_abort = 1;
                        break;
-                       
                case 1:
                        /* command input */
                        bytes_read = read(p[0], buf, sizeof(buf));
+                       RAND_add(&bytes_read, sizeof(&bytes_read), 0.0);
                        if (bytes_read == -1) {
                                error_abort = 1;
                                break;
-                       }
-                       if (bytes_read) {
+                       } else if (bytes_read) {
                                SHA1_Update(&sha, buf, bytes_read);
                                total_bytes_read += bytes_read;
-                               RAND_add(&bytes_read, sizeof(&bytes_read), 0.0);
-                       } else
+                       } else {
                                cmd_eof = 1;
-
+                       }
                        break;
-
                case -1:
                default:
+                       /* error */
                        debug("Command '%s': select() failed: %s", src->cmdstring,
                              strerror(errno));
                        error_abort = 1;
                        break;
-               } /* switch ret */
-
-               RAND_add(&tv, sizeof(&tv), 0.0);
-       } /* while !error_abort && !cmd_eof */
+               }
+       }
 
        SHA1_Final(hash, &sha);
 
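Review bot: The moved `RAND_add(&bytes_read, sizeof(&bytes_read), 0.0);` still takes the size of a pointer rather than of `bytes_read`, although this same hunk corrects the identical slip for `tv` (`sizeof(&tv)` became `sizeof(tv)`). If `bytes_read` is narrower than a pointer (its declaration is outside the hunk), RAND_add() reads past the variable. Use `RAND_add(&bytes_read, sizeof(bytes_read), 0.0);`. The call now also runs before the `-1` test, so an error return is mixed in too; with an entropy estimate of 0.0 that is harmless, but it deserves a short comment.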
@@ -533,7 +534,7 @@ prng_check_seedfile(char *filename) {
                fatal("PRNG seedfile %.100s is not a regular file", filename);
 
        /* mode 0600, owned by root or the current user? */
-       if (((st.st_mode & 0177) != 0) || !(st.st_uid == getuid()))
+       if (((st.st_mode & 0177) != 0) || !(st.st_uid == original_uid))
                fatal("PRNG seedfile %.100s must be mode 0600, owned by uid %d",
                         filename, getuid());
 
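Review bot: The ownership test now compares against `original_uid`, but the `fatal()` message below it still prints `getuid()`, so after a uid change the reported uid can differ from the one the check requires. Pass the same value, `filename, (int)original_uid);`. The comment above the test says "owned by root or the current user", yet the condition accepts only `original_uid`; reword it to match, e.g. `/* mode 0600, owned by the invoking user? */`. prng_check_seedfile() begins and continues outside this hunk.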
@@ -551,12 +552,14 @@ prng_write_seedfile(void) {
        if (prng_seed_saved)
                return;
        
+       setuid(original_uid);
+       
        prng_seed_saved = 1;
        
-       pw = getpwuid(getuid());
+       pw = getpwuid(original_uid);
        if (pw == NULL)
                fatal("Couldn't get password entry for current user (%i): %s", 
-                       getuid(), strerror(errno));
+                       original_uid, strerror(errno));
                                
        /* Try to ensure that the parent directory is there */
        snprintf(filename, sizeof(filename), "%.512s/%s", pw->pw_dir, 
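Review bot: The `fatal()` call passes `original_uid`, a `uid_t`, to a `%i` conversion without a cast, which is a format/argument mismatch on platforms where `uid_t` is not `int`; write `(int)original_uid, strerror(errno));`. The same applies to the matching call in the prng_read_seedfile() hunk that follows. Separately, `getpwuid()` returning NULL for a missing entry does not necessarily set `errno`, so `strerror(errno)` may print an unrelated error; setting `errno = 0` before the lookup would make the message trustworthy.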
@@ -591,10 +594,10 @@ prng_read_seedfile(void) {
        char filename[1024];
        struct passwd *pw;
        
-       pw = getpwuid(getuid());
+       pw = getpwuid(original_uid);
        if (pw == NULL)
                fatal("Couldn't get password entry for current user (%i): %s", 
-                       getuid(), strerror(errno));
+                       original_uid, strerror(errno));
                        
        snprintf(filename, sizeof(filename), "%.512s/%s", pw->pw_dir, 
                SSH_PRNG_SEED_FILE);
@@ -755,7 +758,7 @@ prng_read_commands(char *cmdfilename)
        /* trim to size */
        entropy_sources = xrealloc(entcmd, (cur_cmd+1) * sizeof(entropy_source_t));
 
-       debug("loaded %d entropy commands from %.100s", cur_cmd, cmdfilename);
+       debug("Loaded %d entropy commands from %.100s", cur_cmd, cmdfilename);
 
        return (cur_cmd >= MIN_ENTROPY_SOURCES);
 }
@@ -777,35 +780,41 @@ void
 seed_rng(void)
 {
        void *old_sigchld_handler;
-       
-       if (!prng_commands_loaded) {
-               if (!prng_read_commands(SSH_PRNG_COMMAND_FILE))
-                       fatal("PRNG initialisation failed -- exiting.");
-               prng_commands_loaded = 1;
-       }
 
+       if (!prng_initialised)
+               fatal("RNG not initialised");
+       
        /* Make sure some other sigchld handler doesn't reap our entropy */
        /* commands */
        old_sigchld_handler = signal(SIGCHLD, SIG_DFL);
 
-       debug("Seeding random number generator.");
-       debug("OpenSSL random status is now %i\n", RAND_status());
-       debug("%i bytes from system calls", (int)stir_from_system());
-       debug("%i bytes from programs", (int)stir_from_programs());
-       debug("OpenSSL random status is now %i\n", RAND_status());
+       debug("Seeded RNG with %i bytes from programs", (int)stir_from_programs());
+       debug("Seeded RNG with %i bytes from system calls", (int)stir_from_system());
+
+       if (!RAND_status())
+               fatal("Not enough entropy in RNG");
 
        signal(SIGCHLD, old_sigchld_handler);
 
        if (!RAND_status())
                fatal("Couldn't initialise builtin random number generator -- exiting.");
+}
 
-       if (!prng_seed_loaded)
-       {
-               prng_seed_loaded = 1;
-               prng_seed_saved = 0;            
-               prng_read_seedfile();
-               fatal_add_cleanup(prng_seed_cleanup, NULL);
-               atexit(prng_write_seedfile);
-       }
+void init_rng(void) 
+{
+       original_uid = getuid();
+
+       /* Read in collection commands */
+       if (!prng_read_commands(SSH_PRNG_COMMAND_FILE))
+               fatal("PRNG initialisation failed -- exiting.");
+
+       /* Set ourselves up to save a seed upon exit */
+       prng_seed_saved = 0;            
+       prng_read_seedfile();
+       fatal_add_cleanup(prng_seed_cleanup, NULL);
+       atexit(prng_write_seedfile);
+
+       prng_initialised = 1;
 }
+
 #endif /* defined(EGD_SOCKET) || defined(RANDOM_POOL) */
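Review bot: In seed_rng() the added `if (!RAND_status()) fatal("Not enough entropy in RNG");` makes the older `if (!RAND_status())` test after `signal(SIGCHLD, old_sigchld_handler);` unreachable in practice, because nothing between the two changes the RNG state; keep only one of them. init_rng() also lacks a comment on its contract: it records `getuid()` in `original_uid`, which later code uses for seedfile ownership checks and `setuid()` calls, so it has to run before any uid change. A header comment such as `/* Call once at program start, before any uid switching: records the real uid, loads the entropy commands and the seed file */` would state that. It also has no guard against a second call, which would register `prng_write_seedfile` with atexit() again.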
index ec425a0cb17ad7ffb419d53bcfb35d167bfa7f04..a6f7bfc606d48c52b3904735a5e3b38954b54aab 100644 (file)
--- a/entropy.h
+++ b/entropy.h
@@ -31,5 +31,6 @@
 #define _RANDOMS_H
 
 void seed_rng(void);
+void init_rng(void);
 
 #endif /* _RANDOMS_H */
index 661e1ffa92d7f2c623b4be8a1a9d007cbde1d6d1..a5d785ce706402ee69b52e60609a103593ed2873 100644 (file)
--- a/ssh-add.c
+++ b/ssh-add.c
@@ -210,6 +210,8 @@ main(int argc, char **argv)
        int i;
        int deleting = 0;
 
+       init_rng();
+
        /* check if RSA support exists */
        if (rsa_alive() == 0) {
                fprintf(stderr,
index 7bfa290423bf1603e9255c60cd81fdeb4f5834fa..148bcff6ea47709e73e34737f8510a77e062ad6a 100644 (file)
@@ -509,6 +509,8 @@ main(int ac, char **av)
        char *shell, *format, *pidstr, pidstrbuf[1 + 3 * sizeof pid];
        extern int optind;
 
+       init_rng();
+
        /* check if RSA support exists */
        if (rsa_alive() == 0) {
                fprintf(stderr,
index 4b89c15e1a09975d0347289ff73260cf55f7bae1..dbd0443fcd30fb15faf5e8b3eb8d51fb94b8b227 100644 (file)
@@ -520,6 +520,8 @@ main(int ac, char **av)
        extern int optind;
        extern char *optarg;
 
+       init_rng();
+
        SSLeay_add_all_algorithms();
 
        /* we need this for the home * directory.  */
diff --git a/ssh.c b/ssh.c
index f9742dc8de63ed1ab6cd6b8e923894ab8de4517c..be2ba4469f2331c60880be26b6d49b0af0e4559a 100644 (file)
--- a/ssh.c
+++ b/ssh.c
@@ -206,6 +206,8 @@ main(int ac, char **av)
        int dummy;
        uid_t original_effective_uid;
 
+       init_rng();
+
        /*
         * Save the original real uid.  It will be needed later (uid-swapping
         * may clobber the real uid).
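Review bot: `init_rng();` is placed ahead of the block that saves the original real uid, so it runs with whatever effective uid the process was started with. According to the entropy.c part of this commit, init_rng() reads the entropy command file and the seed file under the invoking user's home directory. If ssh is installed setuid, as the uid-swapping comment suggests it can be, those reads happen before privileges are set aside. That may be intended, but it should be documented with a comment such as `/* init_rng() must run first: it records getuid() and reads the user's seed file */`, and prng_read_seedfile() should be confirmed safe to run under an elevated effective uid. main() continues outside the hunk.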
diff --git a/sshd.c b/sshd.c
index a4749fbe41b62e93582bdbab677992c6b6c22b1e..93d68404ff5c0bac71a3589cccdc43d013fa9b87 100644 (file)
--- a/sshd.c
+++ b/sshd.c
@@ -422,6 +422,8 @@ main(int ac, char **av)
        char ntop[NI_MAXHOST], strport[NI_MAXSERV];
        int listen_sock, maxfd;
 
+       init_rng();
+
        /* Save argv[0]. */
        saved_argc = ac;
        saved_argv = av;