Rev 126 → Rev 137

/tags/2.1-8/debian/patches/mit-kerberos.patch
0,0 → 1,61
Description: Modify lsh-krb-checkpw to work with MIT Kerberos instead of Heimdal.
Building with the latest release of Heimdal (as of February 2016)
fails and their maintainers want to orphan it.
Bug: https://bugs.debian.org/812813
 
--- a/configure.ac
+++ b/configure.ac
@@ -475,7 +475,7 @@ if test x$enable_kerberos = xyes; then
LSH_CHECK_KRB_LIB(asn1, der_get_octet_string)
# Check for krb5_cc_gen_new too?
# krb5_verify_user_lrealm seems to be unique to heimdal
- LSH_CHECK_KRB_LIB(krb5, krb5_verify_user_lrealm,, [enable_kerberos=no])
+ LSH_CHECK_KRB_LIB(krb5, krb5_get_init_creds_password,, [enable_kerberos=no])
fi
AH_TEMPLATE([WITH_KERBEROS], [For kerberos])
--- a/src/lsh-krb-checkpw.c
+++ b/src/lsh-krb-checkpw.c
@@ -97,6 +97,8 @@ main(int argc, char **argv)
krb5_context context;
krb5_ccache ccache;
krb5_principal p;
+ krb5_creds creds;
+ krb5_principal server;
char *name;
char *pw;
@@ -121,18 +123,31 @@ main(int argc, char **argv)
if (krb5_init_context (&context))
die("krb5_init_context failed.");
- if (krb5_make_principal(context, &p, NULL, name, NULL))
- die("krb5_make_principal failed.");
+ if (krb5_parse_name(context, name, &p)) {
+ die("krb5_parse_name failed.");
+ }
+
+ if (krb5_get_init_creds_password(context, &creds, p, pw,
+ NULL, NULL, 0, NULL, NULL)) {
+ die("krb5_get_init_creds_password failed.");
+ }
+
+ if (krb5_verify_init_creds(context, &creds, server,
+ NULL, NULL, NULL)) {
+ die("krb5_verify_init_creds failed");
+ }
if (!krb5_kuserok(context, p, name))
die("krb5_kuserok doesn't know the user.");
+ /*
if (krb5_cc_gen_new(context, &krb5_mcc_ops, &ccache))
die("krb5_cc_gen_new failed.");
if (krb5_verify_user_lrealm(context, p, ccache, pw, TRUE, NULL))
die("krb5_verify_user_lrealm failed.");
+ */
/* Authentication successful. */
/* TODO: Keep the credential cache in some way. Perhaps write it to
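Review bot: `server` is passed to `krb5_verify_init_creds()` without being assigned anywhere in the added lines; the first hunk declares it as a bare `krb5_principal server;`, so the call reads an indeterminate pointer. Initialise it at the declaration, `krb5_principal server = NULL;`, which lets the library choose the principal to verify against, or build the intended host principal explicitly before the call. Because this helper decides whether a password is accepted, the verification should also fail closed when no usable keytab entry is available; with the verify-options argument left as NULL that outcome appears to depend on the `verify_ap_req_nofail` setting in krb5.conf, and an unverified KDC reply is exactly what this call exists to rule out. `creds` is also never released with `krb5_free_cred_contents()` in the visible lines, and main's body continues outside the hunk.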
/tags/2.1-8/debian/patches/nettle3.patch
0,0 → 1,270
Description: Support Nettle 3.x
Author: Magnus Holmgren <holmgren@debian.org>
Forwarded: yes
 
--- a/src/spki/verify.c
+++ b/src/spki/verify.c
@@ -25,7 +25,7 @@
#endif
#include <nettle/bignum.h>
-#include <nettle/dsa.h>
+#include <nettle/dsa-compat.h>
#include <nettle/rsa.h>
#include "certificate.h"
@@ -74,7 +74,7 @@ spki_verify_dsa(const uint8_t *digest,
dsa_public_key_init(&dsa);
dsa_signature_init(&rs);
- res = (dsa_keypair_from_sexp_alist(&dsa, NULL,
+ res = (dsa_keypair_from_sexp_alist((struct dsa_params *)&dsa, dsa.y, NULL,
RSA_KEYSIZE_LIMIT, DSA_SHA1_Q_BITS, &key->sexp)
&& spki_parse_type(key)
&& dsa_signature_from_sexp(&rs, &signature->sexp, DSA_SHA1_Q_BITS)
--- a/src/crypto.c
+++ b/src/crypto.c
@@ -322,7 +322,7 @@ make_cast128_cbc_instance(struct crypto_
? do_cast128_encrypt
: do_cast128_decrypt);
- cast128_set_key(&self->ctx.ctx, algorithm->key_size, key);
+ cast5_set_key(&self->ctx.ctx, algorithm->key_size, key);
CBC_SET_IV(&self->ctx, iv);
return(&self->super);
--- a/src/dsa.c
+++ b/src/dsa.c
@@ -28,7 +28,7 @@
#include <assert.h>
#include <nettle/bignum.h>
-#include <nettle/dsa.h>
+#include <nettle/dsa-compat.h>
#include <nettle/sexp.h>
#include <nettle/sha.h>
@@ -322,7 +322,7 @@ make_dsa_verifier(struct signature_algor
NEW(dsa_verifier, res);
init_dsa_verifier(res);
- if (dsa_keypair_from_sexp_alist(&res->key, NULL, DSA_MAX_BITS, DSA_SHA1_Q_BITS, i))
+ if (dsa_keypair_from_sexp_alist((struct dsa_params *)&res->key, res->key.y, NULL, DSA_MAX_BITS, DSA_SHA1_Q_BITS, i))
return &res->super;
KILL(res);
@@ -341,7 +341,7 @@ make_dsa_signer(struct signature_algorit
dsa_private_key_init(&res->key);
- if (dsa_keypair_from_sexp_alist(&verifier->key, &res->key, DSA_MAX_BITS, DSA_SHA1_Q_BITS, i))
+ if (dsa_keypair_from_sexp_alist((struct dsa_params *)&verifier->key, verifier->key.y, res->key.x, DSA_MAX_BITS, DSA_SHA1_Q_BITS, i))
{
res->random = self->random;
res->verifier = verifier;
--- a/src/dummy.c
+++ b/src/dummy.c
@@ -41,84 +41,84 @@
#include "lsh.h"
/* Referenced by ssh_format.c */
-unsigned
+size_t
nettle_mpz_sizeinbase_256_s(const mpz_t x UNUSED)
{ abort(); }
-unsigned
+size_t
nettle_mpz_sizeinbase_256_u(const mpz_t x UNUSED)
{ abort(); }
void
-cbc_encrypt(void *ctx UNUSED, nettle_crypt_func f UNUSED,
- unsigned block_size UNUSED, uint8_t *iv UNUSED,
- unsigned length UNUSED, uint8_t *dst UNUSED,
+cbc_encrypt(const void *ctx UNUSED, nettle_cipher_func *f UNUSED,
+ size_t block_size UNUSED, uint8_t *iv UNUSED,
+ size_t length UNUSED, uint8_t *dst UNUSED,
const uint8_t *src UNUSED)
{ abort(); }
void
-cbc_decrypt(void *ctx UNUSED, nettle_crypt_func f UNUSED,
- unsigned block_size UNUSED, uint8_t *iv UNUSED,
- unsigned length UNUSED, uint8_t *dst UNUSED,
+cbc_decrypt(const void *ctx UNUSED, nettle_cipher_func *f UNUSED,
+ size_t block_size UNUSED, uint8_t *iv UNUSED,
+ size_t length UNUSED, uint8_t *dst UNUSED,
const uint8_t *src UNUSED)
{ abort(); }
void
-ctr_crypt(void *ctx UNUSED, nettle_crypt_func f UNUSED,
- unsigned block_size UNUSED, uint8_t *iv UNUSED,
- unsigned length UNUSED, uint8_t *dst UNUSED,
+ctr_crypt(const void *ctx UNUSED, nettle_cipher_func *f UNUSED,
+ size_t block_size UNUSED, uint8_t *iv UNUSED,
+ size_t length UNUSED, uint8_t *dst UNUSED,
const uint8_t *src UNUSED)
{ abort(); }
void
hmac_digest(const void *outer UNUSED, const void *inner UNUSED, void *state UNUSED,
const struct nettle_hash *hash UNUSED,
- unsigned length UNUSED, uint8_t *digest UNUSED)
+ size_t length UNUSED, uint8_t *digest UNUSED)
{ abort(); }
-unsigned
+size_t
sexp_vformat(struct nettle_buffer *buffer UNUSED,
const char *format UNUSED, va_list args UNUSED)
{ abort(); }
-unsigned
+size_t
sexp_transport_vformat(struct nettle_buffer *buffer UNUSED,
const char *format UNUSED, va_list args UNUSED)
{ abort(); }
int
sexp_transport_iterator_first(struct sexp_iterator *iterator UNUSED,
- unsigned length UNUSED, uint8_t *input UNUSED)
+ size_t length UNUSED, uint8_t *input UNUSED)
{ abort(); }
void
nettle_buffer_init_size(struct nettle_buffer *buffer UNUSED,
- unsigned length UNUSED, uint8_t *space UNUSED)
+ size_t length UNUSED, uint8_t *space UNUSED)
{ abort(); }
/* Referenced by lsh_string.c */
-uint8_t *
-memxor(uint8_t *dst UNUSED, const uint8_t *src UNUSED, size_t n UNUSED)
+void *
+memxor(void *dst UNUSED, const void *src UNUSED, size_t n UNUSED)
{ abort(); }
void
-nettle_mpz_get_str_256(unsigned length UNUSED, uint8_t *s UNUSED, const mpz_t x UNUSED)
+nettle_mpz_get_str_256(size_t length UNUSED, uint8_t *s UNUSED, const mpz_t x UNUSED)
{ abort(); }
void
base64_encode_init(struct base64_encode_ctx *ctx UNUSED)
{ abort(); }
-unsigned
+size_t
base64_encode_update(struct base64_encode_ctx *ctx UNUSED,
uint8_t *dst UNUSED,
- unsigned length UNUSED,
+ size_t length UNUSED,
const uint8_t *src UNUSED)
{ abort(); }
-unsigned
+size_t
base64_encode_final(struct base64_encode_ctx *ctx UNUSED,
uint8_t *dst UNUSED)
{ abort(); }
@@ -129,9 +129,9 @@ base64_decode_init(struct base64_decode_
int
base64_decode_update(struct base64_decode_ctx *ctx UNUSED,
- unsigned *dst_length UNUSED,
+ size_t *dst_length UNUSED,
uint8_t *dst UNUSED,
- unsigned src_length UNUSED,
+ size_t src_length UNUSED,
const uint8_t *src UNUSED)
{ abort(); }
@@ -142,7 +142,7 @@ base64_decode_final(struct base64_decode
/* Referenced by parse.c */
void
nettle_mpz_set_str_256_s(mpz_t x UNUSED,
- unsigned length UNUSED, const uint8_t *s UNUSED)
+ size_t length UNUSED, const uint8_t *s UNUSED)
{ abort(); }
/* Referenced by werror.c */
--- a/src/lsh-keygen.c
+++ b/src/lsh-keygen.c
@@ -39,7 +39,7 @@
#include <unistd.h>
#endif
-#include <nettle/dsa.h>
+#include <nettle/dsa-compat.h>
#include <nettle/rsa.h>
#include "crypto.h"
@@ -214,7 +214,7 @@ dsa_generate_key(struct randomness *r, u
assert(r->quality == RANDOM_GOOD);
- if (dsa_generate_keypair(&public, &private,
+ if (dsa_compat_generate_keypair(&public, &private,
r, lsh_random,
NULL, progress,
512 + 64 * level, DSA_SHA1_Q_BITS))
--- a/src/lsh_string.c
+++ b/src/lsh_string.c
@@ -367,10 +367,10 @@ lsh_string_format_sexp(int transport, co
{
struct lsh_string *s;
va_list args;
- unsigned length;
+ size_t length;
struct nettle_buffer buffer;
- unsigned (*vformat)(struct nettle_buffer *, const char *, va_list)
+ size_t (*vformat)(struct nettle_buffer *, const char *, va_list)
= transport ? sexp_transport_vformat : sexp_vformat;
va_start(args, format);
@@ -415,7 +415,7 @@ int
lsh_string_base64_decode(struct lsh_string *s)
{
struct base64_decode_ctx ctx;
- uint32_t done = s->length;
+ size_t done = s->length;
base64_decode_init(&ctx);
--- a/src/randomness.c
+++ b/src/randomness.c
@@ -35,7 +35,7 @@
/* Wrapper for using lsh's randomness generator with nettle
* functions. */
void
-lsh_random(void *x, unsigned length, uint8_t *data)
+lsh_random(void *x, size_t length, uint8_t *data)
{
CAST_SUBTYPE(randomness, r, x);
RANDOM(r, length, data);
--- a/src/randomness.h
+++ b/src/randomness.h
@@ -84,6 +84,6 @@ make_system_random(void);
/* Randomness function matching nettle's expectations. */
void
-lsh_random(void *x, unsigned length, uint8_t *data);
+lsh_random(void *x, size_t length, uint8_t *data);
#endif /* LSH_RANDOMNESS_H_INCLUDED */
--- a/src/sexp.c
+++ b/src/sexp.c
@@ -97,7 +97,7 @@ lsh_sexp_to_string(struct sexp_iterator
struct lsh_string *
lsh_sexp_copy(struct sexp_iterator *i)
{
- unsigned length;
+ size_t length;
const uint8_t *subexpr = sexp_iterator_subexpr(i, &length);
return subexpr ? ssh_format("%ls", length, subexpr) : NULL;
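Review bot: In `lsh_sexp_copy`, `length` becomes a `size_t` but is still handed to the variadic `ssh_format("%ls", length, subexpr)`. If `%ls` fetches its length through `va_arg` as a 32-bit type (ssh_format is not shown on this page, so this needs confirming), the argument no longer matches what the formatter reads and the length used for the copy is not well defined on LP64 targets. Convert at the call site to the type the formatter expects, for example `ssh_format("%ls", (uint32_t) length, subexpr)`, after checking that the value fits. Separately, the three `(struct dsa_params *)&…` casts in spki/verify.c and dsa.c presumably rely on the compat `dsa_public_key` starting with the same members as `dsa_params`; a comment such as `/* dsa-compat: dsa_public_key begins with the dsa_params fields */` would record that assumption where the cast is made.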
/tags/2.1-8/debian/patches/series
3,3 → 3,6
new-readline-completion-function-typedef.patch
rl_completion-segfault.patch
bsd_connreset_test_fail.patch
skip-argp.patch
nettle3.patch
mit-kerberos.patch
/tags/2.1-8/debian/patches/skip-argp.patch
0,0 → 1,65
Description: Make sure we don't touch the embedded argp copy when not needed
To avoid inline functions causing build failures under C99 standards
Author: Magnus Holmgren <holmgren@debian.org>
Bug-Debian: https://bugs.debian.org/777990
Forwarded: yes
 
--- a/configure.ac
+++ b/configure.ac
@@ -577,15 +577,18 @@ fi
# We don't use LIBOBJS for this, as the LIBOBJS are added to
# liblsh.a, and we can't add an archive to an archive.
+ARGP=""
LIBARGP=""
DOTDOT_LIBARGP=""
if test x$with_system_argp = xno ; then
+ ARGP="argp"
# FIXME: Perhaps it's better to use an absolute path?
LIBARGP="argp/libargp.a"
# Needed for linking in src/testsuite.
DOTDOT_LIBARGP="../argp/libargp.a"
fi
+AC_SUBST(ARGP)
AC_SUBST(LIBARGP)
AC_SUBST(DOTDOT_LIBARGP)
@@ -776,7 +779,9 @@ if test x$enable_ipv6 = xyes ; then
AC_DEFINE(WITH_IPV6)
fi
+if test x$with_system_argp = xno ; then
AC_CONFIG_SUBDIRS(src/argp)
+fi
AC_CONFIG_SUBDIRS(src/spki)
AC_CONFIG_SUBDIRS(src/sftp)
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -1,6 +1,6 @@
# Process this file with automake to produce Makefile.in
-SUBDIRS = argp rsync scm sftp spki . testsuite
+SUBDIRS = @ARGP@ rsync scm sftp spki . testsuite
include .dist_classes
include .dist_headers
--- a/acinclude.m4
+++ b/acinclude.m4
@@ -190,6 +190,7 @@ AC_DEFUN([LSH_LIB_ARGP],
ac_argp_save_LDFLAGS="$LDFLAGS"
ac_argp_ok=no
# First check if we can link with argp.
+ AH_TEMPLATE([HAVE_ARGP_PARSE], [Define if system has argp_parse()])
AC_SEARCH_LIBS(argp_parse, argp,
[ LSH_RPATH_FIX
AC_CACHE_CHECK([for working argp],
@@ -294,6 +295,7 @@ int main(int argc, char **argv)
if test x$lsh_cv_lib_argp_works = xyes ; then
ac_argp_ok=yes
+ AC_DEFINE(HAVE_ARGP_PARSE)
else
# Reset link flags
LIBS="$ac_argp_save_LIBS"
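Review bot: With `SUBDIRS = @ARGP@ rsync scm sftp spki . testsuite` in src/Makefile.am, automake can no longer derive DIST_SUBDIRS on its own, so `make dist` from a tree configured against the system argp would leave src/argp out of the tarball. The new `if test x$with_system_argp = xno` around `AC_CONFIG_SUBDIRS(src/argp)` in configure.ac has the same consequence, since an unconfigured src/argp has no Makefile to descend into. That is harmless for the Debian build, but the header says the patch was forwarded, so the restriction should be stated next to the assignment, e.g. `# argp is built and distributed only when the bundled copy is used (with_system_argp=no)`.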