20040815
- (dtucker) [Makefile.in ssh-keysign.c ssh.c] Use permanently_set_uid() since
it does the right thing on all platforms. ok djm@
+ - (djm) [acconfig.h configure.ac openbsd-compat/Makefile.in
+ openbsd-compat/bsd-closefrom.c openbsd-compat/bsd-misc.c
+ openbsd-compat/bsd-misc.h openbsd-compat/openbsd-compat.h] Use smarter
+ closefrom() replacement from sudo; ok dtucker@
20040814
- (dtucker) [auth-krb5.c gss-serv-krb5.c openbsd-compat/xmmap.c]
/* Define if your resolver libs need this for getrrsetbyname */
#undef BIND_8_COMPAT
+/* Define if you have /proc/$pid/fd */
+#undef HAVE_PROC_PID
+
@BOTTOM@
/* ******************* Shouldn't need to edit below this line ************** */
)
# Checks for header files.
-AC_CHECK_HEADERS(bstring.h crypt.h endian.h features.h floatingpoint.h \
- getopt.h glob.h ia.h lastlog.h limits.h login.h \
- login_cap.h maillock.h netdb.h netgroup.h \
+AC_CHECK_HEADERS(bstring.h crypt.h dirent.h endian.h features.h \
+ floatingpoint.h getopt.h glob.h ia.h lastlog.h limits.h login.h \
+ login_cap.h maillock.h ndir.h netdb.h netgroup.h \
netinet/in_systm.h pam/pam_appl.h paths.h pty.h readpassphrase.h \
rpc/types.h security/pam_appl.h shadow.h stddef.h stdint.h \
- strings.h sys/strtio.h sys/audit.h sys/bitypes.h sys/bsdtty.h \
- sys/cdefs.h sys/mman.h sys/prctl.h sys/pstat.h sys/ptms.h \
- sys/select.h sys/stat.h sys/stream.h sys/stropts.h \
- sys/sysmacros.h sys/time.h sys/timers.h sys/un.h time.h tmpdir.h \
- ttyent.h usersec.h util.h utime.h utmp.h utmpx.h vis.h)
+ strings.h sys/dir.h sys/strtio.h sys/audit.h sys/bitypes.h \
+ sys/bsdtty.h sys/cdefs.h sys/mman.h sys/ndir.h sys/prctl.h \
+ sys/pstat.h sys/ptms.h sys/select.h sys/stat.h sys/stream.h \
+ sys/stropts.h sys/sysmacros.h sys/time.h sys/timers.h sys/un.h \
+ time.h tmpdir.h ttyent.h usersec.h util.h utime.h utmp.h utmpx.h vis.h)
# Checks for libraries.
AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
]
)
+AC_MSG_CHECKING([for /proc/pid/fd directory])
+if test -d "/proc/$$/fd" ; then
+ AC_DEFINE(HAVE_PROC_PID)
+ AC_MSG_RESULT(yes)
+else
+ AC_MSG_RESULT(no)
+fi
+
# Check whether user wants S/Key support
SKEY_MSG="no"
AC_ARG_WITH(skey,
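Review bot: The `test -d "/proc/$$/fd"` probe looks at the configure shell on the build host, so when cross-compiling, or when building in a chroot or container without /proc mounted, HAVE_PROC_PID says nothing about the machine the binaries will run on. The new closefrom() falls back to the descriptor-table loop when opendir() fails, so a wrong "yes" is harmless. A wrong "no" compiles the /proc path out entirely and leaves only the slower loop. I would record that above the check with `# Build-host probe only; closefrom() falls back at run time if /proc/<pid>/fd cannot be opened`, and consider skipping the test when `$cross_compiling` is `yes`.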
dnl Checks for library functions. Please keep in alphabetical order
AC_CHECK_FUNCS(\
arc4random __b64_ntop b64_ntop __b64_pton b64_pton bcopy \
- bindresvport_sa clock closefrom fchmod fchown freeaddrinfo futimes \
- getaddrinfo getcwd getgrouplist getnameinfo getopt \
+ bindresvport_sa clock closefrom dirfd fchmod fchown freeaddrinfo \
+ futimes getaddrinfo getcwd getgrouplist getnameinfo getopt \
getpeereid _getpty getrlimit getttyent glob inet_aton \
inet_ntoa inet_ntop innetgr login_getcapbool md5_crypt memmove \
mkdtemp mmap ngetaddrinfo nsleep ogetaddrinfo openlog_r openpty \
OPENBSD=base64.o basename.o bindresvport.o daemon.o dirname.o getcwd.o getgrouplist.o getopt.o getrrsetbyname.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o readpassphrase.o realpath.o rresvport.o setenv.o setproctitle.o sigact.o strlcat.o strlcpy.o strmode.o strsep.o strtoul.o vis.o
-COMPAT=bsd-arc4random.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-snprintf.o bsd-waitpid.o fake-rfc2553.o xmmap.o xcrypt.o
+COMPAT=bsd-arc4random.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-snprintf.o bsd-waitpid.o fake-rfc2553.o xmmap.o xcrypt.o
PORTS=port-irix.o port-aix.o
--- /dev/null
+/*
+ * Copyright (c) 2004 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include "includes.h"
+
+#ifndef HAVE_CLOSEFROM
+
+#include <sys/types.h>
+#include <sys/param.h>
+#include <unistd.h>
+#include <stdio.h>
+#include <limits.h>
+#include <stdlib.h>
+#include <stddef.h>
+#ifdef HAVE_DIRENT_H
+# include <dirent.h>
+# define NAMLEN(dirent) strlen((dirent)->d_name)
+#else
+# define dirent direct
+# define NAMLEN(dirent) (dirent)->d_namlen
+# ifdef HAVE_SYS_NDIR_H
+# include <sys/ndir.h>
+# endif
+# ifdef HAVE_SYS_DIR_H
+# include <sys/dir.h>
+# endif
+# ifdef HAVE_NDIR_H
+# include <ndir.h>
+# endif
+#endif
+
+#ifndef OPEN_MAX
+# define OPEN_MAX 256
+#endif
+
+RCSID("$Id$");
+
+#ifndef lint
+static const char sudorcsid[] = "$Sudo: closefrom.c,v 1.6 2004/06/01 20:51:56 millert Exp $";
+#endif /* lint */
+
+/*
+ * Close all file descriptors greater than or equal to lowfd.
+ */
+void
+closefrom(int lowfd)
+{
+ long fd, maxfd;
+#if defined(HAVE_DIRFD) && defined(HAVE_PROC_PID)
+ char fdpath[PATH_MAX], *endp;
+ struct dirent *dent;
+ DIR *dirp;
+ int len;
+
+ /* Check for a /proc/$$/fd directory. */
+ len = snprintf(fdpath, sizeof(fdpath), "/proc/%ld/fd", (long)getpid());
+ if (len != -1 && len <= sizeof(fdpath) && (dirp = opendir(fdpath))) {
+ while ((dent = readdir(dirp)) != NULL) {
+ fd = strtol(dent->d_name, &endp, 10);
+ if (dent->d_name != endp && *endp == '\0' &&
+ fd >= 0 && fd < INT_MAX && fd >= lowfd && fd != dirfd(dirp))
+ (void) close((int) fd);
+ }
+ (void) closedir(dirp);
+ } else
+#endif
+ {
+ /*
+ * Fall back on sysconf() or getdtablesize(). We avoid checking
+ * resource limits since it is possible to open a file descriptor
+ * and then drop the rlimit such that it is below the open fd.
+ */
+#ifdef HAVE_SYSCONF
+ maxfd = sysconf(_SC_OPEN_MAX);
+#else
+ maxfd = getdtablesize();
+#endif /* HAVE_SYSCONF */
+ if (maxfd < 0)
+ maxfd = OPEN_MAX;
+
+ for (fd = lowfd; fd < maxfd; fd++)
+ (void) close((int) fd);
+ }
+}
+
+#endif /* HAVE_CLOSEFROM */
+
+
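Review bot: The guard on the snprintf() result in closefrom(), `len != -1 && len <= sizeof(fdpath)`, accepts `len == sizeof(fdpath)`, which is already a truncated path, and it compares a signed int with a size_t. It should read `if (len > 0 && (size_t)len < sizeof(fdpath) && (dirp = opendir(fdpath)) != NULL) {`. With the "/proc/%ld/fd" format and a PATH_MAX buffer the truncation is not reachable in practice, but the check as written does not express the intended bound. Separately, the fallback comment says resource limits are avoided, yet where sysconf(_SC_OPEN_MAX) reports the current soft RLIMIT_NOFILE (glibc appears to do this) a descriptor opened before the limit was lowered would stay open and be inherited by child processes. A comment such as `/* NB: may miss fds above a lowered soft limit where sysconf() tracks RLIMIT_NOFILE */` would make that residual exposure explicit.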
/*
* Copyright (c) 1999-2004 Damien Miller <djm@mindrot.org>
*
}
#endif /* HAVE_TCSENDBREAK */
-#ifndef HAVE_CLOSEFROM
-int
-closefrom(int fd)
-{
- int i, result = 0, err = 0;
-
- for (i = fd; i < 128; i++)
- if (close(i) != 0) {
- err = errno;
- result = -1;
- }
- errno = err;
- return result;
-}
-#endif /* HAVE_CLOSEFROM */
-
mysig_t
mysignal(int sig, mysig_t act)
{
void unsetenv(const char *);
#endif
-#ifndef HAVE_CLOSEFROM
-int closefrom(int);
-#endif
-
/* wrapper for signal interface */
typedef void (*mysig_t)(int);
mysig_t mysignal(int sig, mysig_t act);
int bindresvport_sa(int sd, struct sockaddr *sa);
#endif
+#ifndef HAVE_CLOSEFROM
+void closefrom(int);
+#endif
+
#ifndef HAVE_GETCWD
char *getcwd(char *pt, size_t size);
#endif
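Review bot: The replacement prototype `void closefrom(int);` carries no comment on its contract, and the return type changes from the `int` of the removed bsd-misc.h declaration. Native closefrom() implementations differ here (some return int, others void), so portable callers cannot rely on a result; any existing call site that tested the old return value should be checked, though none is visible in this page. I would keep the parameter name and document it: `/* Close every descriptor >= lowfd; no result is reported, callers must not depend on one. */` above `void closefrom(int lowfd);`.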