SecBSD/src
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

sync with OpenBSD -current

Browse source
This commit is contained in:
purplerain 2024-07-18 16:18:12 +00:00
parent 3110dbb17d
commit d1109c2ac1
Signed by: purplerain
GPG key ID: F42C07F07E2E35B7
30 changed files with 1016 additions and 235 deletions
Download patch file Download diff file Expand all files Collapse all files

11
lib/libc/sys/getrusage.2
View file

@ -1,4 +1,4 @@
.\" $OpenBSD: getrusage.2,v 1.17 2015/02/28 21:51:57 bentley Exp $
.\" $OpenBSD: getrusage.2,v 1.18 2024/07/17 13:29:05 claudio Exp $
.\"
.\" Copyright (c) 1985, 1991, 1993
.\" The Regents of the University of California. All rights reserved.
@ -29,7 +29,7 @@
.\"
.\" @(#)getrusage.2 8.1 (Berkeley) 6/4/93
.\"
.Dd $Mdocdate: February 28 2015 $
.Dd $Mdocdate: July 17 2024 $
.Dt GETRUSAGE 2
.Os
.Sh NAME
@ -48,7 +48,10 @@ which can be one of the following:
.It Dv RUSAGE_SELF
Resources used by the current process.
.It Dv RUSAGE_CHILDREN
Resources used by all the terminated children of the current process.
Resources used by all the terminated children of the current process which
were waited upon.
If the child is never waited for, the resource information for the child
process is discarded.
.It Dv RUSAGE_THREAD
Resources used by the current thread.
.El
@ -186,4 +189,4 @@ flag has been available since
.Ox 4.8 .
.Sh BUGS
There is no way to obtain information about a child process
that has not yet terminated.
that has not yet terminated or has not been waited for by the parent.

10
lib/libc/sys/link.2
View file

@ -1,4 +1,4 @@
.\" $OpenBSD: link.2,v 1.30 2024/03/25 17:57:07 guenther Exp $
.\" $OpenBSD: link.2,v 1.31 2024/07/18 15:38:57 millert Exp $
.\" $NetBSD: link.2,v 1.7 1995/02/27 12:34:01 cgd Exp $
.\"
.\" Copyright (c) 1980, 1991, 1993
@ -30,7 +30,7 @@
.\"
.\" @(#)link.2 8.3 (Berkeley) 1/12/94
.\"
.Dd $Mdocdate: March 25 2024 $
.Dd $Mdocdate: July 18 2024 $
.Dt LINK 2
.Os
.Sh NAME
@ -65,15 +65,13 @@ is removed, the file
.Fa name2
is not deleted and the link count of the underlying object is decremented.
.Pp
For the hard link to succeed,
.Fa name1
must exist for the hard link to succeed and both
must exist and not be a directory, and both
.Fa name1
and
.Fa name2
must be in the same file system.
As mandated by POSIX.1
.Fa name1
may not be a directory.
.Pp
The
.Fn linkat

6
libexec/login_radius/Makefile
View file

@ -1,10 +1,10 @@
# $OpenBSD: Makefile,v 1.2 2002/11/21 22:26:32 millert Exp $
# $OpenBSD: Makefile,v 1.3 2024/07/17 20:50:28 yasuoka Exp $
PROG= login_radius
SRCS= login_radius.c raddauth.c
MAN= login_radius.8
DPADD= ${LIBUTIL}
LDADD= -lutil
DPADD= ${LIBUTIL} ${LIBCRYPTO}
LDADD= -lutil -lcrypto
CFLAGS+=-Wall
BINOWN= root

37
libexec/login_radius/raddauth.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: raddauth.c,v 1.31 2023/03/02 16:13:57 millert Exp $ */
/* $OpenBSD: raddauth.c,v 1.33 2024/07/18 02:45:31 yasuoka Exp $ */
/*-
* Copyright (c) 1996, 1997 Berkeley Software Design, Inc. All rights reserved.
@ -84,8 +84,9 @@
#include <syslog.h>
#include <time.h>
#include <unistd.h>
#include <md5.h>
#include <readpassphrase.h>
#include <openssl/hmac.h>
#include <openssl/md5.h>
#include "login_radius.h"
@ -95,6 +96,7 @@
#define AUTH_VECTOR_LEN 16
#define AUTH_HDR_LEN 20
#define AUTH_PASS_LEN (256 - 16)
#define AUTH_MSGAUTH_LEN 16
#define PW_AUTHENTICATION_REQUEST 1
#define PW_AUTHENTICATION_ACK 2
#define PW_AUTHENTICATION_REJECT 3
@ -105,6 +107,7 @@
#define PW_CLIENT_PORT_ID 5
#define PW_PORT_MESSAGE 18
#define PW_STATE 24
#define PW_MSG_AUTH 80
#ifndef RADIUS_DIR
#define RADIUS_DIR "/etc/raddb"
@ -347,7 +350,7 @@ rad_request(u_char id, char *name, char *password, int port, char *vector,
int i, len, secretlen, total_length, p;
struct sockaddr_in sin;
u_char md5buf[MAXSECRETLEN+AUTH_VECTOR_LEN], digest[AUTH_VECTOR_LEN],
pass_buf[AUTH_PASS_LEN], *pw, *ptr;
pass_buf[AUTH_PASS_LEN], *pw, *ptr, *ma;
u_int length;
in_addr_t ipaddr;
MD5_CTX context;
@ -359,6 +362,15 @@ rad_request(u_char id, char *name, char *password, int port, char *vector,
total_length = AUTH_HDR_LEN;
ptr = auth.data;
/* Preserve space for msgauth */
*ptr++ = PW_MSG_AUTH;
length = 16;
*ptr++ = length + 2;
ma = ptr;
memset(ma, 0, 16);
ptr += length;
total_length += length + 2;
/* User name */
*ptr++ = PW_USER_NAME;
length = strlen(name);
@ -391,9 +403,9 @@ rad_request(u_char id, char *name, char *password, int port, char *vector,
/* XOR the password into the md5 digest */
pw = pass_buf;
while (p-- > 0) {
MD5Init(&context);
MD5Update(&context, md5buf, secretlen + AUTH_VECTOR_LEN);
MD5Final(digest, &context);
MD5_Init(&context);
MD5_Update(&context, md5buf, secretlen + AUTH_VECTOR_LEN);
MD5_Final(digest, &context);
for (i = 0; i < AUTH_VECTOR_LEN; ++i) {
*ptr = digest[i] ^ *pw;
md5buf[secretlen+i] = *ptr++;
@ -431,6 +443,11 @@ rad_request(u_char id, char *name, char *password, int port, char *vector,
auth.length = htons(total_length);
/* Calc msgauth */
if (HMAC(EVP_md5(), auth_secret, secretlen, (unsigned char *)&auth,
total_length, ma, NULL) == NULL)
errx(1, "HMAC() failed");
memset(&sin, 0, sizeof (sin));
sin.sin_family = AF_INET;
sin.sin_addr.s_addr = auth_server;
@ -473,10 +490,10 @@ rad_recv(char *state, char *challenge, u_char *req_vector)
/* verify server's shared secret */
memcpy(recv_vector, auth.vector, AUTH_VECTOR_LEN);
memcpy(auth.vector, req_vector, AUTH_VECTOR_LEN);
MD5Init(&context);
MD5Update(&context, (u_char *)&auth, ntohs(auth.length));
MD5Update(&context, auth_secret, strlen(auth_secret));
MD5Final(test_vector, &context);
MD5_Init(&context);
MD5_Update(&context, (u_char *)&auth, ntohs(auth.length));
MD5_Update(&context, auth_secret, strlen(auth_secret));
MD5_Final(test_vector, &context);
if (memcmp(recv_vector, test_vector, AUTH_VECTOR_LEN) != 0)
errx(1, "shared secret incorrect");

759
regress/lib/libssl/ciphers/cipherstest.c
View file

@ -1,3 +1,4 @@
/* $OpenBSD: cipherstest.c,v 1.15 2024/07/17 15:22:56 tb Exp $ */
/*
* Copyright (c) 2015, 2020 Joel Sing <jsing@openbsd.org>
*
@ -14,6 +15,8 @@
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#include <openssl/evp.h>
#include <openssl/objects.h>
#include <openssl/ssl.h>
#include <err.h>
@ -67,16 +70,674 @@ check_cipher_order(void)
return 0;
}
struct ssl_cipher_test {
uint16_t value;
int auth_nid;
int cipher_nid;
int digest_nid;
int handshake_digest_nid;
int kx_nid;
int strength_bits;
int symmetric_bits;
int is_aead;
};
static const struct ssl_cipher_test ssl_cipher_tests[] = {
{
.value = 0x0004,
.auth_nid = NID_auth_rsa,
.cipher_nid = NID_rc4,
.digest_nid = NID_md5,
.handshake_digest_nid = NID_sha256,
.kx_nid = NID_kx_rsa,
.strength_bits = 128,
.symmetric_bits = 128,
},
{
.value = 0x0005,
.auth_nid = NID_auth_rsa,
.cipher_nid = NID_rc4,
.digest_nid = NID_sha1,
.handshake_digest_nid = NID_sha256,
.kx_nid = NID_kx_rsa,
.strength_bits = 128,
.symmetric_bits = 128,
},
{
.value = 0x000a,
.auth_nid = NID_auth_rsa,
.cipher_nid = NID_des_ede3_cbc,
.digest_nid = NID_sha1,
.handshake_digest_nid = NID_sha256,
.kx_nid = NID_kx_rsa,
.strength_bits = 112,
.symmetric_bits = 168,
},
{
.value = 0x0016,
.auth_nid = NID_auth_rsa,
.cipher_nid = NID_des_ede3_cbc,
.digest_nid = NID_sha1,
.handshake_digest_nid = NID_sha256,
.kx_nid = NID_kx_dhe,
.strength_bits = 112,
.symmetric_bits = 168,
},
{
.value = 0x0018,
.auth_nid = NID_auth_null,
.cipher_nid = NID_rc4,
.digest_nid = NID_md5,
.handshake_digest_nid = NID_sha256,
.kx_nid = NID_kx_dhe,
.strength_bits = 128,
.symmetric_bits = 128,
},
{
.value = 0x001b,
.auth_nid = NID_auth_null,
.cipher_nid = NID_des_ede3_cbc,
.digest_nid = NID_sha1,
.handshake_digest_nid = NID_sha256,
.kx_nid = NID_kx_dhe,
.strength_bits = 112,
.symmetric_bits = 168,
},
{
.value = 0x002f,
.auth_nid = NID_auth_rsa,
.cipher_nid = NID_aes_128_cbc,
.digest_nid = NID_sha1,
.handshake_digest_nid = NID_sha256,
.kx_nid = NID_kx_rsa,
.strength_bits = 128,
.symmetric_bits = 128,
},
{
.value = 0x0033,
.auth_nid = NID_auth_rsa,
.cipher_nid = NID_aes_128_cbc,
.digest_nid = NID_sha1,
.handshake_digest_nid = NID_sha256,
.kx_nid = NID_kx_dhe,
.strength_bits = 128,
.symmetric_bits = 128,
},
{
.value = 0x0034,
.auth_nid = NID_auth_null,
.cipher_nid = NID_aes_128_cbc,
.digest_nid = NID_sha1,
.handshake_digest_nid = NID_sha256,
.kx_nid = NID_kx_dhe,
.strength_bits = 128,
.symmetric_bits = 128,
},
{
.value = 0x0035,
.auth_nid = NID_auth_rsa,
.cipher_nid = NID_aes_256_cbc,
.digest_nid = NID_sha1,
.handshake_digest_nid = NID_sha256,
.kx_nid = NID_kx_rsa,
.strength_bits = 256,
.symmetric_bits = 256,
},
{
.value = 0x0039,
.auth_nid = NID_auth_rsa,
.cipher_nid = NID_aes_256_cbc,
.digest_nid = NID_sha1,
.handshake_digest_nid = NID_sha256,
.kx_nid = NID_kx_dhe,
.strength_bits = 256,
.symmetric_bits = 256,
},
{
.value = 0x003a,
.auth_nid = NID_auth_null,
.cipher_nid = NID_aes_256_cbc,
.digest_nid = NID_sha1,
.handshake_digest_nid = NID_sha256,
.kx_nid = NID_kx_dhe,
.strength_bits = 256,
.symmetric_bits = 256,
},
{
.value = 0x003c,
.auth_nid = NID_auth_rsa,
.cipher_nid = NID_aes_128_cbc,
.digest_nid = NID_sha256,
.handshake_digest_nid = NID_sha256,
.kx_nid = NID_kx_rsa,
.strength_bits = 128,
.symmetric_bits = 128,
},
{
.value = 0x003d,
.auth_nid = NID_auth_rsa,
.cipher_nid = NID_aes_256_cbc,
.digest_nid = NID_sha256,
.handshake_digest_nid = NID_sha256,
.kx_nid = NID_kx_rsa,
.strength_bits = 256,
.symmetric_bits = 256,
},
{
.value = 0x0041,
.auth_nid = NID_auth_rsa,
.cipher_nid = NID_camellia_128_cbc,
.digest_nid = NID_sha1,
.handshake_digest_nid = NID_sha256,
.kx_nid = NID_kx_rsa,
.strength_bits = 128,
.symmetric_bits = 128,
},
{
.value = 0x0045,
.auth_nid = NID_auth_rsa,
.cipher_nid = NID_camellia_128_cbc,
.digest_nid = NID_sha1,
.handshake_digest_nid = NID_sha256,
.kx_nid = NID_kx_dhe,
.strength_bits = 128,
.symmetric_bits = 128,
},
{
.value = 0x0046,
.auth_nid = NID_auth_null,
.cipher_nid = NID_camellia_128_cbc,
.digest_nid = NID_sha1,
.handshake_digest_nid = NID_sha256,
.kx_nid = NID_kx_dhe,
.strength_bits = 128,
.symmetric_bits = 128,
},
{
.value = 0x0067,
.auth_nid = NID_auth_rsa,
.cipher_nid = NID_aes_128_cbc,
.digest_nid = NID_sha256,
.handshake_digest_nid = NID_sha256,
.kx_nid = NID_kx_dhe,
.strength_bits = 128,
.symmetric_bits = 128,
},
{
.value = 0x006b,
.auth_nid = NID_auth_rsa,
.cipher_nid = NID_aes_256_cbc,
.digest_nid = NID_sha256,
.handshake_digest_nid = NID_sha256,
.kx_nid = NID_kx_dhe,
.strength_bits = 256,
.symmetric_bits = 256,
},
{
.value = 0x006c,
.auth_nid = NID_auth_null,
.cipher_nid = NID_aes_128_cbc,
.digest_nid = NID_sha256,
.handshake_digest_nid = NID_sha256,
.kx_nid = NID_kx_dhe,
.strength_bits = 128,
.symmetric_bits = 128,
},
{
.value = 0x006d,
.auth_nid = NID_auth_null,
.cipher_nid = NID_aes_256_cbc,
.digest_nid = NID_sha256,
.handshake_digest_nid = NID_sha256,
.kx_nid = NID_kx_dhe,
.strength_bits = 256,
.symmetric_bits = 256,
},
{
.value = 0x0084,
.auth_nid = NID_auth_rsa,
.cipher_nid = NID_camellia_256_cbc,
.digest_nid = NID_sha1,
.handshake_digest_nid = NID_sha256,
.kx_nid = NID_kx_rsa,
.strength_bits = 256,
.symmetric_bits = 256,
},
{
.value = 0x0088,
.auth_nid = NID_auth_rsa,
.cipher_nid = NID_camellia_256_cbc,
.digest_nid = NID_sha1,
.handshake_digest_nid = NID_sha256,
.kx_nid = NID_kx_dhe,
.strength_bits = 256,
.symmetric_bits = 256,
},
{
.value = 0x0089,
.auth_nid = NID_auth_null,
.cipher_nid = NID_camellia_256_cbc,
.digest_nid = NID_sha1,
.handshake_digest_nid = NID_sha256,
.kx_nid = NID_kx_dhe,
.strength_bits = 256,
.symmetric_bits = 256,
},
{
.value = 0x009c,
.auth_nid = NID_auth_rsa,
.cipher_nid = NID_aes_128_gcm,
.digest_nid = NID_undef,
.handshake_digest_nid = NID_sha256,
.kx_nid = NID_kx_rsa,
.strength_bits = 128,
.symmetric_bits = 128,
.is_aead = 1,
},
{
.value = 0x009d,
.auth_nid = NID_auth_rsa,
.cipher_nid = NID_aes_256_gcm,
.digest_nid = NID_undef,
.handshake_digest_nid = NID_sha384,
.kx_nid = NID_kx_rsa,
.strength_bits = 256,
.symmetric_bits = 256,
.is_aead = 1,
},
{
.value = 0x009e,
.auth_nid = NID_auth_rsa,
.cipher_nid = NID_aes_128_gcm,
.digest_nid = NID_undef,
.handshake_digest_nid = NID_sha256,
.kx_nid = NID_kx_dhe,
.strength_bits = 128,
.symmetric_bits = 128,
.is_aead = 1,
},
{
.value = 0x009f,
.auth_nid = NID_auth_rsa,
.cipher_nid = NID_aes_256_gcm,
.digest_nid = NID_undef,
.handshake_digest_nid = NID_sha384,
.kx_nid = NID_kx_dhe,
.strength_bits = 256,
.symmetric_bits = 256,
.is_aead = 1,
},
{
.value = 0x00a6,
.auth_nid = NID_auth_null,
.cipher_nid = NID_aes_128_gcm,
.digest_nid = NID_undef,
.handshake_digest_nid = NID_sha256,
.kx_nid = NID_kx_dhe,
.strength_bits = 128,
.symmetric_bits = 128,
.is_aead = 1,
},
{
.value = 0x00a7,
.auth_nid = NID_auth_null,
.cipher_nid = NID_aes_256_gcm,
.digest_nid = NID_undef,
.handshake_digest_nid = NID_sha384,
.kx_nid = NID_kx_dhe,
.strength_bits = 256,
.symmetric_bits = 256,
.is_aead = 1,
},
{
.value = 0x00ba,
.auth_nid = NID_auth_rsa,
.cipher_nid = NID_camellia_128_cbc,
.digest_nid = NID_sha256,
.handshake_digest_nid = NID_sha256,
.kx_nid = NID_kx_rsa,
.strength_bits = 128,
.symmetric_bits = 128,
},
{
.value = 0x00be,
.auth_nid = NID_auth_rsa,
.cipher_nid = NID_camellia_128_cbc,
.digest_nid = NID_sha256,
.handshake_digest_nid = NID_sha256,
.kx_nid = NID_kx_dhe,
.strength_bits = 128,
.symmetric_bits = 128,
},
{
.value = 0x00bf,
.auth_nid = NID_auth_null,
.cipher_nid = NID_camellia_128_cbc,
.digest_nid = NID_sha256,
.handshake_digest_nid = NID_sha256,
.kx_nid = NID_kx_dhe,
.strength_bits = 128,
.symmetric_bits = 128,
},
{
.value = 0x00c0,
.auth_nid = NID_auth_rsa,
.cipher_nid = NID_camellia_256_cbc,
.digest_nid = NID_sha256,
.handshake_digest_nid = NID_sha256,
.kx_nid = NID_kx_rsa,
.strength_bits = 256,
.symmetric_bits = 256,
},
{
.value = 0x00c4,
.auth_nid = NID_auth_rsa,
.cipher_nid = NID_camellia_256_cbc,
.digest_nid = NID_sha256,
.handshake_digest_nid = NID_sha256,
.kx_nid = NID_kx_dhe,
.strength_bits = 256,
.symmetric_bits = 256,
},
{
.value = 0x00c5,
.auth_nid = NID_auth_null,
.cipher_nid = NID_camellia_256_cbc,
.digest_nid = NID_sha256,
.handshake_digest_nid = NID_sha256,
.kx_nid = NID_kx_dhe,
.strength_bits = 256,
.symmetric_bits = 256,
},
{
.value = 0x1301,
.auth_nid = NID_undef,
.cipher_nid = NID_aes_128_gcm,
.digest_nid = NID_undef,
.handshake_digest_nid = NID_sha256,
.kx_nid = NID_undef,
.strength_bits = 128,
.symmetric_bits = 128,
.is_aead = 1,
},
{
.value = 0x1302,
.auth_nid = NID_undef,
.cipher_nid = NID_aes_256_gcm,
.digest_nid = NID_undef,
.handshake_digest_nid = NID_sha384,
.kx_nid = NID_undef,
.strength_bits = 256,
.symmetric_bits = 256,
.is_aead = 1,
},
{
.value = 0x1303,
.auth_nid = NID_undef,
.cipher_nid = NID_chacha20_poly1305,
.digest_nid = NID_undef,
.handshake_digest_nid = NID_sha256,
.kx_nid = NID_undef,
.strength_bits = 256,
.symmetric_bits = 256,
.is_aead = 1,
},
{
.value = 0xc007,
.auth_nid = NID_auth_ecdsa,
.cipher_nid = NID_rc4,
.digest_nid = NID_sha1,
.handshake_digest_nid = NID_sha256,
.kx_nid = NID_kx_ecdhe,
.strength_bits = 128,
.symmetric_bits = 128,
},
{
.value = 0xc008,
.auth_nid = NID_auth_ecdsa,
.cipher_nid = NID_des_ede3_cbc,
.digest_nid = NID_sha1,
.handshake_digest_nid = NID_sha256,
.kx_nid = NID_kx_ecdhe,
.strength_bits = 112,
.symmetric_bits = 168,
},
{
.value = 0xc009,
.auth_nid = NID_auth_ecdsa,
.cipher_nid = NID_aes_128_cbc,
.digest_nid = NID_sha1,
.handshake_digest_nid = NID_sha256,
.kx_nid = NID_kx_ecdhe,
.strength_bits = 128,
.symmetric_bits = 128,
},
{
.value = 0xc00a,
.auth_nid = NID_auth_ecdsa,
.cipher_nid = NID_aes_256_cbc,
.digest_nid = NID_sha1,
.handshake_digest_nid = NID_sha256,
.kx_nid = NID_kx_ecdhe,
.strength_bits = 256,
.symmetric_bits = 256,
},
{
.value = 0xc011,
.auth_nid = NID_auth_rsa,
.cipher_nid = NID_rc4,
.digest_nid = NID_sha1,
.handshake_digest_nid = NID_sha256,
.kx_nid = NID_kx_ecdhe,
.strength_bits = 128,
.symmetric_bits = 128,
},
{
.value = 0xc012,
.auth_nid = NID_auth_rsa,
.cipher_nid = NID_des_ede3_cbc,
.digest_nid = NID_sha1,
.handshake_digest_nid = NID_sha256,
.kx_nid = NID_kx_ecdhe,
.strength_bits = 112,
.symmetric_bits = 168,
},
{
.value = 0xc013,
.auth_nid = NID_auth_rsa,
.cipher_nid = NID_aes_128_cbc,
.digest_nid = NID_sha1,
.handshake_digest_nid = NID_sha256,
.kx_nid = NID_kx_ecdhe,
.strength_bits = 128,
.symmetric_bits = 128,
},
{
.value = 0xc014,
.auth_nid = NID_auth_rsa,
.cipher_nid = NID_aes_256_cbc,
.digest_nid = NID_sha1,
.handshake_digest_nid = NID_sha256,
.kx_nid = NID_kx_ecdhe,
.strength_bits = 256,
.symmetric_bits = 256,
},
{
.value = 0xc016,
.auth_nid = NID_auth_null,
.cipher_nid = NID_rc4,
.digest_nid = NID_sha1,
.handshake_digest_nid = NID_sha256,
.kx_nid = NID_kx_ecdhe,
.strength_bits = 128,
.symmetric_bits = 128,
},
{
.value = 0xc017,
.auth_nid = NID_auth_null,
.cipher_nid = NID_des_ede3_cbc,
.digest_nid = NID_sha1,
.handshake_digest_nid = NID_sha256,
.kx_nid = NID_kx_ecdhe,
.strength_bits = 112,
.symmetric_bits = 168,
},
{
.value = 0xc018,
.auth_nid = NID_auth_null,
.cipher_nid = NID_aes_128_cbc,
.digest_nid = NID_sha1,
.handshake_digest_nid = NID_sha256,
.kx_nid = NID_kx_ecdhe,
.strength_bits = 128,
.symmetric_bits = 128,
},
{
.value = 0xc019,
.auth_nid = NID_auth_null,
.cipher_nid = NID_aes_256_cbc,
.digest_nid = NID_sha1,
.handshake_digest_nid = NID_sha256,
.kx_nid = NID_kx_ecdhe,
.strength_bits = 256,
.symmetric_bits = 256,
},
{
.value = 0xc023,
.auth_nid = NID_auth_ecdsa,
.cipher_nid = NID_aes_128_cbc,
.digest_nid = NID_sha256,
.handshake_digest_nid = NID_sha256,
.kx_nid = NID_kx_ecdhe,
.strength_bits = 128,
.symmetric_bits = 128,
},
{
.value = 0xc024,
.auth_nid = NID_auth_ecdsa,
.cipher_nid = NID_aes_256_cbc,
.digest_nid = NID_sha384,
.handshake_digest_nid = NID_sha384,
.kx_nid = NID_kx_ecdhe,
.strength_bits = 256,
.symmetric_bits = 256,
},
{
.value = 0xc027,
.auth_nid = NID_auth_rsa,
.cipher_nid = NID_aes_128_cbc,
.digest_nid = NID_sha256,
.handshake_digest_nid = NID_sha256,
.kx_nid = NID_kx_ecdhe,
.strength_bits = 128,
.symmetric_bits = 128,
},
{
.value = 0xc028,
.auth_nid = NID_auth_rsa,
.cipher_nid = NID_aes_256_cbc,
.digest_nid = NID_sha384,
.handshake_digest_nid = NID_sha384,
.kx_nid = NID_kx_ecdhe,
.strength_bits = 256,
.symmetric_bits = 256,
},
{
.value = 0xc02b,
.auth_nid = NID_auth_ecdsa,
.cipher_nid = NID_aes_128_gcm,
.digest_nid = NID_undef,
.handshake_digest_nid = NID_sha256,
.kx_nid = NID_kx_ecdhe,
.strength_bits = 128,
.symmetric_bits = 128,
.is_aead = 1,
},
{
.value = 0xc02c,
.auth_nid = NID_auth_ecdsa,
.cipher_nid = NID_aes_256_gcm,
.digest_nid = NID_undef,
.handshake_digest_nid = NID_sha384,
.kx_nid = NID_kx_ecdhe,
.strength_bits = 256,
.symmetric_bits = 256,
.is_aead = 1,
},
{
.value = 0xc02f,
.auth_nid = NID_auth_rsa,
.cipher_nid = NID_aes_128_gcm,
.digest_nid = NID_undef,
.handshake_digest_nid = NID_sha256,
.kx_nid = NID_kx_ecdhe,
.strength_bits = 128,
.symmetric_bits = 128,
.is_aead = 1,
},
{
.value = 0xc030,
.auth_nid = NID_auth_rsa,
.cipher_nid = NID_aes_256_gcm,
.digest_nid = NID_undef,
.handshake_digest_nid = NID_sha384,
.kx_nid = NID_kx_ecdhe,
.strength_bits = 256,
.symmetric_bits = 256,
.is_aead = 1,
},
{
.value = 0xcca8,
.auth_nid = NID_auth_rsa,
.cipher_nid = NID_chacha20_poly1305,
.digest_nid = NID_undef,
.handshake_digest_nid = NID_sha256,
.kx_nid = NID_kx_ecdhe,
.strength_bits = 256,
.symmetric_bits = 256,
.is_aead = 1,
},
{
.value = 0xcca9,
.auth_nid = NID_auth_ecdsa,
.cipher_nid = NID_chacha20_poly1305,
.digest_nid = NID_undef,
.handshake_digest_nid = NID_sha256,
.kx_nid = NID_kx_ecdhe,
.strength_bits = 256,
.symmetric_bits = 256,
.is_aead = 1,
},
{
.value = 0xccaa,
.auth_nid = NID_auth_rsa,
.cipher_nid = NID_chacha20_poly1305,
.digest_nid = NID_undef,
.handshake_digest_nid = NID_sha256,
.kx_nid = NID_kx_dhe,
.strength_bits = 256,
.symmetric_bits = 256,
.is_aead = 1,
},
};
#define N_SSL_CIPHER_TESTS (sizeof(ssl_cipher_tests) / sizeof(ssl_cipher_tests[0]))
static int
cipher_find_test(void)
test_ssl_ciphers(void)
{
int i, strength_bits, symmetric_bits;
const struct ssl_cipher_test *sct;
STACK_OF(SSL_CIPHER) *ciphers;
const SSL_CIPHER *cipher;
const EVP_MD *digest;
unsigned char buf[2];
const char *description;
char desc_buf[256];
SSL_CTX *ssl_ctx = NULL;
SSL *ssl = NULL;
size_t j;
int ret = 1;
int i;
if ((ssl_ctx = SSL_CTX_new(TLS_method())) == NULL) {
fprintf(stderr, "SSL_CTX_new() returned NULL\n");
@ -96,6 +757,12 @@ cipher_find_test(void)
goto failure;
}
if (sk_SSL_CIPHER_num(ciphers) != N_SSL_CIPHER_TESTS) {
fprintf(stderr, "number of ciphers mismatch (%d != %zu)\n",
sk_SSL_CIPHER_num(ciphers), N_SSL_CIPHER_TESTS);
goto failure;
}
for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) {
uint16_t cipher_value;
@ -106,18 +773,94 @@ cipher_find_test(void)
buf[1] = cipher_value & 0xff;
if ((cipher = SSL_CIPHER_find(ssl, buf)) == NULL) {
fprintf(stderr,
"SSL_CIPHER_find() returned NULL for %s\n",
fprintf(stderr, "SSL_CIPHER_find() returned NULL for %s\n",
SSL_CIPHER_get_name(cipher));
goto failure;
}
if (SSL_CIPHER_get_value(cipher) != cipher_value) {
fprintf(stderr,
"got cipher with value 0x%x, want 0x%x\n",
fprintf(stderr, "got cipher with value 0x%04x, want 0x%04x\n",
SSL_CIPHER_get_value(cipher), cipher_value);
goto failure;
}
if (SSL_CIPHER_get_id(cipher) != (0x03000000UL | cipher_value)) {
fprintf(stderr, "got cipher id 0x%08lx, want 0x%08lx\n",
SSL_CIPHER_get_id(cipher), (0x03000000UL | cipher_value));
goto failure;
}
sct = NULL;
for (j = 0; j < N_SSL_CIPHER_TESTS; j++) {
if (ssl_cipher_tests[j].value == cipher_value) {
sct = &ssl_cipher_tests[j];
break;
}
}
if (sct == NULL) {
fprintf(stderr, "cipher '%s' (0x%04x) not found in test "
"table\n", SSL_CIPHER_get_name(cipher), cipher_value);
goto failure;
}
if (SSL_CIPHER_get_auth_nid(cipher) != sct->auth_nid) {
fprintf(stderr, "cipher '%s' (0x%04x) - got auth nid %d, "
"want %d\n", SSL_CIPHER_get_name(cipher), cipher_value,
SSL_CIPHER_get_auth_nid(cipher), sct->auth_nid);
goto failure;
}
if (SSL_CIPHER_get_cipher_nid(cipher) != sct->cipher_nid) {
fprintf(stderr, "cipher '%s' (0x%04x) - got cipher nid %d, "
"want %d\n", SSL_CIPHER_get_name(cipher), cipher_value,
SSL_CIPHER_get_cipher_nid(cipher), sct->cipher_nid);
goto failure;
}
if (SSL_CIPHER_get_digest_nid(cipher) != sct->digest_nid) {
fprintf(stderr, "cipher '%s' (0x%04x) - got digest nid %d, "
"want %d\n", SSL_CIPHER_get_name(cipher), cipher_value,
SSL_CIPHER_get_digest_nid(cipher), sct->digest_nid);
goto failure;
}
if (SSL_CIPHER_get_kx_nid(cipher) != sct->kx_nid) {
fprintf(stderr, "cipher '%s' (0x%04x) - got kx nid %d, "
"want %d\n", SSL_CIPHER_get_name(cipher), cipher_value,
SSL_CIPHER_get_kx_nid(cipher), sct->kx_nid);
goto failure;
}
/* Having API consistency is a wonderful thing... */
digest = SSL_CIPHER_get_handshake_digest(cipher);
if (EVP_MD_nid(digest) != sct->handshake_digest_nid) {
fprintf(stderr, "cipher '%s' (0x%04x) - got handshake "
"digest nid %d, want %d\n", SSL_CIPHER_get_name(cipher),
cipher_value, EVP_MD_nid(digest), sct->handshake_digest_nid);
goto failure;
}
strength_bits = SSL_CIPHER_get_bits(cipher, &symmetric_bits);
if (strength_bits != sct->strength_bits) {
fprintf(stderr, "cipher '%s' (0x%04x) - got strength bits "
"%d, want %d\n", SSL_CIPHER_get_name(cipher),
cipher_value, strength_bits, sct->strength_bits);
goto failure;
}
if (symmetric_bits != sct->symmetric_bits) {
fprintf(stderr, "cipher '%s' (0x%04x) - got symmetric bits "
"%d, want %d\n", SSL_CIPHER_get_name(cipher),
cipher_value, symmetric_bits, sct->symmetric_bits);
goto failure;
}
if (SSL_CIPHER_is_aead(cipher) != sct->is_aead) {
fprintf(stderr, "cipher '%s' (0x%04x) - got is aead %d, "
"want %d\n", SSL_CIPHER_get_name(cipher), cipher_value,
SSL_CIPHER_is_aead(cipher), sct->is_aead);
goto failure;
}
if ((description = SSL_CIPHER_description(cipher, desc_buf,
sizeof(desc_buf))) != desc_buf) {
fprintf(stderr, "cipher '%s' (0x%04x) - failed to get "
"description\n", SSL_CIPHER_get_name(cipher), cipher_value);
goto failure;
}
}
ret = 0;
@ -466,7 +1209,7 @@ main(int argc, char **argv)
failed |= check_cipher_order();
failed |= cipher_find_test();
failed |= test_ssl_ciphers();
failed |= parse_ciphersuites_test();
failed |= cipher_set_test();

16
sbin/iked/radius.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: radius.c,v 1.7 2024/07/13 14:28:27 yasuoka Exp $ */
/* $OpenBSD: radius.c,v 1.8 2024/07/18 08:58:59 yasuoka Exp $ */
/*
* Copyright (c) 2024 Internet Initiative Japan Inc.
@ -177,6 +177,7 @@ iked_radius_on_event(int fd, short ev, void *ctx)
if (req == NULL) {
log_debug("%s: received an unknown RADIUS message: id=%u",
__func__, (unsigned)resid);
radius_delete_packet(pkt);
return;
}
@ -184,6 +185,7 @@ iked_radius_on_event(int fd, short ev, void *ctx)
if (radius_check_response_authenticator(pkt, server->rs_secret) != 0) {
log_info("%s: received an invalid RADIUS message: bad "
"response authenticator", __func__);
radius_delete_packet(pkt);
return;
}
if (req->rr_accounting) {
@ -200,6 +202,7 @@ iked_radius_on_event(int fd, short ev, void *ctx)
TAILQ_REMOVE(&server->rs_reqs, req, rr_entry);
req->rr_server = NULL;
free(req);
radius_delete_packet(pkt);
return;
}
@ -207,6 +210,7 @@ iked_radius_on_event(int fd, short ev, void *ctx)
if (radius_check_message_authenticator(pkt, server->rs_secret) != 0) {
log_info("%s: received an invalid RADIUS message: bad "
"message authenticator", __func__);
radius_delete_packet(pkt);
return;
}
@ -314,10 +318,14 @@ iked_radius_on_event(int fd, short ev, void *ctx)
log_info("%s: failed to retrieve the EAP message", __func__);
goto fail;
}
radius_delete_packet(pkt);
ikev2_send_ike_e(env, req->rr_sa, e, IKEV2_PAYLOAD_EAP,
IKEV2_EXCHANGE_IKE_AUTH, 1);
/* keep request for challenge state and config parameters */
req->rr_reqid = -1; /* release reqid */
return;
fail:
radius_delete_packet(pkt);
if (req->rr_server != NULL)
TAILQ_REMOVE(&server->rs_reqs, req, rr_entry);
req->rr_server = NULL;
@ -416,8 +424,10 @@ iked_radius_request_send(struct iked *env, void *ctx)
if (req->rr_ntry == 0) {
/* decide the ID */
seq = ++server->rs_reqseq;
for (i = 0; i < UCHAR_MAX; i++) {
for (i = 0; i <= UCHAR_MAX; i++) {
TAILQ_FOREACH(req0, &server->rs_reqs, rr_entry) {
if (req0->rr_reqid == -1)
continue;
if (req0->rr_reqid == seq)
break;
}
@ -425,7 +435,7 @@ iked_radius_request_send(struct iked *env, void *ctx)
break;
seq++;
}
if (i >= UCHAR_MAX) {
if (i > UCHAR_MAX) {
log_info("%s: RADIUS server %s failed. Too many "
"pending requests", __func__,
print_addr(&server->rs_sockaddr));

6
share/man/man4/speaker.4
View file

@ -1,4 +1,4 @@
.\" $OpenBSD: speaker.4,v 1.11 2022/09/11 06:38:11 jmc Exp $
.\" $OpenBSD: speaker.4,v 1.12 2024/07/18 05:44:46 jmc Exp $
.\" $NetBSD: speaker.4,v 1.9 1998/08/18 08:16:56 augustss Exp $
.\"
.\" Copyright (c) 1993 Christopher G. Demetriou
@ -29,7 +29,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: September 11 2022 $
.Dd $Mdocdate: July 18 2024 $
.Dt SPKR 4
.Os
.Sh NAME
@ -123,7 +123,7 @@ or
the first two of these cause it to be sharped one half-tone, the last causes
it to be flatted one half-tone.
It may also be followed by a time value number and by sustain dots (see below).
Time values are interpreted as for the L command below;.
Time values are interpreted as for the L command below.
.It O Aq Ar n
If
.Ar n

4
sys/arch/arm64/arm64/autoconf.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: autoconf.c,v 1.14 2022/09/08 10:22:06 kn Exp $ */
/* $OpenBSD: autoconf.c,v 1.15 2024/07/17 15:21:59 kettenis Exp $ */
/*
* Copyright (c) 2009 Miodrag Vallat.
*
@ -61,6 +61,8 @@ cpu_configure(void)
unmap_startup();
cpu_identify_cleanup();
#ifdef CRYPTO
if (arm64_has_aes)
cryptox_setup();

36
sys/arch/arm64/arm64/cpu.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: cpu.c,v 1.126 2024/07/14 09:48:48 jca Exp $ */
/* $OpenBSD: cpu.c,v 1.127 2024/07/17 15:21:59 kettenis Exp $ */
/*
* Copyright (c) 2016 Dale Rahn <drahn@dalerahn.com>
@ -1024,6 +1024,40 @@ cpu_identify(struct cpu_info *ci)
#endif
}
void
cpu_identify_cleanup(void)
{
uint64_t value;
/* ID_AA64ISAR0_EL1 */
value = cpu_id_aa64isar0 & ID_AA64ISAR0_MASK;
value &= ~ID_AA64ISAR0_TLB_MASK;
cpu_id_aa64isar0 = value;
/* ID_AA64ISAR1_EL1 */
value = cpu_id_aa64isar1 &= ID_AA64ISAR1_MASK;
value &= ~ID_AA64ISAR1_SPECRES_MASK;
cpu_id_aa64isar1 = value;
/* ID_AA64ISAR2_EL1 */
value = cpu_id_aa64isar2 &= ID_AA64ISAR2_MASK;
value &= ~ID_AA64ISAR2_CLRBHB_MASK;
cpu_id_aa64isar2 = value;
/* ID_AA64PFR0_EL1 */
value = 0;
value |= cpu_id_aa64pfr0 & ID_AA64PFR0_FP_MASK;
value |= cpu_id_aa64pfr0 & ID_AA64PFR0_ADV_SIMD_MASK;
value |= cpu_id_aa64pfr0 & ID_AA64PFR0_DIT_MASK;
cpu_id_aa64pfr0 = value;
/* ID_AA64PFR1_EL1 */
value = 0;
value |= cpu_id_aa64pfr1 & ID_AA64PFR1_BT_MASK;
value |= cpu_id_aa64pfr1 & ID_AA64PFR1_SSBS_MASK;
cpu_id_aa64pfr1 = value;
}
void cpu_init(void);
int cpu_start_secondary(struct cpu_info *ci, int, uint64_t);
int cpu_clockspeed(int *);

27
sys/arch/arm64/arm64/machdep.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: machdep.c,v 1.90 2024/07/03 21:04:04 kettenis Exp $ */
/* $OpenBSD: machdep.c,v 1.91 2024/07/17 15:21:59 kettenis Exp $ */
/*
* Copyright (c) 2014 Patrick Wildt <patrick@blueri.se>
* Copyright (c) 2021 Mark Kettenis <kettenis@openbsd.org>
@ -332,7 +332,6 @@ cpu_sysctl(int *name, u_int namelen, void *oldp, size_t *oldlenp, void *newp,
{
char *compatible;
int node, len, error;
uint64_t value;
/* all sysctl names at this level are terminal */
if (namelen != 1)
@ -351,25 +350,15 @@ cpu_sysctl(int *name, u_int namelen, void *oldp, size_t *oldlenp, void *newp,
free(compatible, M_TEMP, len);
return error;
case CPU_ID_AA64ISAR0:
value = cpu_id_aa64isar0 & ID_AA64ISAR0_MASK;
value &= ~ID_AA64ISAR0_TLB_MASK;
return sysctl_rdquad(oldp, oldlenp, newp, value);
return sysctl_rdquad(oldp, oldlenp, newp, cpu_id_aa64isar0);
case CPU_ID_AA64ISAR1:
value = cpu_id_aa64isar1 & ID_AA64ISAR1_MASK;
value &= ~ID_AA64ISAR1_SPECRES_MASK;
return sysctl_rdquad(oldp, oldlenp, newp, value);
case CPU_ID_AA64PFR0:
value = 0;
value |= cpu_id_aa64pfr0 & ID_AA64PFR0_FP_MASK;
value |= cpu_id_aa64pfr0 & ID_AA64PFR0_ADV_SIMD_MASK;
value |= cpu_id_aa64pfr0 & ID_AA64PFR0_DIT_MASK;
return sysctl_rdquad(oldp, oldlenp, newp, value);
case CPU_ID_AA64PFR1:
value = 0;
value |= cpu_id_aa64pfr1 & ID_AA64PFR1_BT_MASK;
value |= cpu_id_aa64pfr1 & ID_AA64PFR1_SSBS_MASK;
return sysctl_rdquad(oldp, oldlenp, newp, value);
return sysctl_rdquad(oldp, oldlenp, newp, cpu_id_aa64isar1);
case CPU_ID_AA64ISAR2:
return sysctl_rdquad(oldp, oldlenp, newp, cpu_id_aa64isar2);
case CPU_ID_AA64PFR0:
return sysctl_rdquad(oldp, oldlenp, newp, cpu_id_aa64pfr0);
case CPU_ID_AA64PFR1:
return sysctl_rdquad(oldp, oldlenp, newp, cpu_id_aa64pfr1);
case CPU_ID_AA64MMFR0:
case CPU_ID_AA64MMFR1:
case CPU_ID_AA64MMFR2:

5
sys/arch/arm64/include/cpu.h
View file

@ -1,4 +1,4 @@
/* $OpenBSD: cpu.h,v 1.48 2024/07/10 11:01:24 kettenis Exp $ */
/* $OpenBSD: cpu.h,v 1.49 2024/07/17 15:21:59 kettenis Exp $ */
/*
* Copyright (c) 2016 Dale Rahn <drahn@dalerahn.com>
*
@ -63,9 +63,12 @@
extern uint64_t cpu_id_aa64isar0;
extern uint64_t cpu_id_aa64isar1;
extern uint64_t cpu_id_aa64isar2;
extern uint64_t cpu_id_aa64pfr0;
extern uint64_t cpu_id_aa64pfr1;
void cpu_identify_cleanup(void);
#include <machine/intr.h>
#include <machine/frame.h>
#include <machine/armreg.h>

4
sys/net/pf_ioctl.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: pf_ioctl.c,v 1.417 2024/05/13 01:15:53 jsg Exp $ */
/* $OpenBSD: pf_ioctl.c,v 1.418 2024/07/18 14:46:28 bluhm Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@ -287,7 +287,7 @@ pfattach(int num)
*/
pf_anchor_stack = cpumem_malloc(
sizeof(struct pf_anchor_stackframe) * (PF_ANCHOR_STACK_MAX + 2),
M_WAITOK|M_ZERO);
M_PF);
CPUMEM_FOREACH(sf, &cmi, pf_anchor_stack)
sf[PF_ANCHOR_STACK_MAX].sf_stack_top = &sf[0];
}

6
sys/sys/proc.h
View file

@ -1,4 +1,4 @@
/* $OpenBSD: proc.h,v 1.363 2024/07/15 07:24:03 jsg Exp $ */
/* $OpenBSD: proc.h,v 1.364 2024/07/17 09:54:14 claudio Exp $ */
/* $NetBSD: proc.h,v 1.44 1996/04/22 01:23:21 christos Exp $ */
/*-
@ -444,8 +444,8 @@ struct proc {
#define P_BITS \
("\20" "\01INKTR" "\02PROFPEND" "\03ALRMPEND" "\04SIGSUSPEND" \
"\05CANTSLEEP" "\06WSLEEP" "\010SINTR" "\012SYSTEM" "\013TIMEOUT" \
"\016WEXIT" "\020OWEUPC" "\024SUSPSINGLE" "\027XX" \
"\030CONTINUED" "\033THREAD" "\034SUSPSIG" "\035SOFTDEP" "\037CPUPEG")
"\016WEXIT" "\020OWEUPC" "\024SUSPSINGLE" "\030CONTINUED" "\033THREAD" \
"\034SUSPSIG" "\037CPUPEG")
#define THREAD_PID_OFFSET 100000

100
usr.bin/sed/compile.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: compile.c,v 1.52 2024/06/18 00:32:22 millert Exp $ */
/* $OpenBSD: compile.c,v 1.53 2024/07/17 20:57:15 millert Exp $ */
/*-
* Copyright (c) 1992 Diomidis Spinellis.
@ -37,7 +37,7 @@
#include <sys/stat.h>
#include <ctype.h>
#include <errno.h>
#include <err.h>
#include <fcntl.h>
#include <limits.h>
#include <regex.h>
@ -153,7 +153,7 @@ compile_stream(struct s_command **link)
for (;;) {
if ((p = cu_getline(&lbuf, &bufsize)) == NULL) {
if (stack != 0)
error(COMPILE, "unexpected EOF (pending }'s)");
error("unexpected EOF (pending }'s)");
return (link);
}
@ -193,17 +193,16 @@ semicolon: EATSPACE();
nonsel: /* Now parse the command */
if (!*p)
error(COMPILE, "command expected");
error("command expected");
cmd->code = *p;
for (fp = cmd_fmts; fp->code; fp++)
if (fp->code == *p)
break;
if (!fp->code)
error(COMPILE, "invalid command code %c", *p);
error("invalid command code %c", *p);
if (naddr > fp->naddr)
error(COMPILE,
"command %c expects up to %d address(es), found %d",
*p, fp->naddr, naddr);
error("command %c expects up to %d address(es),"
" found %d", *p, fp->naddr, naddr);
switch (fp->args) {
case NONSEL: /* ! */
p++;
@ -226,7 +225,7 @@ nonsel: /* Now parse the command */
*/
cmd->nonsel = 1;
if (stack == 0)
error(COMPILE, "unexpected }");
error("unexpected }");
cmd2 = stack;
stack = cmd2->next;
cmd2->next = cmd;
@ -240,19 +239,19 @@ nonsel: /* Now parse the command */
goto semicolon;
}
if (*p)
error(COMPILE,
"extra characters at the end of %c command", cmd->code);
error("extra characters at the end of %c"
" command", cmd->code);
break;
case TEXT: /* a c i */
p++;
EATSPACE();
if (*p != '\\')
error(COMPILE, "command %c expects \\ followed by"
" text", cmd->code);
error("command %c expects \\ followed by text",
cmd->code);
p++;
EATSPACE();
if (*p)
error(COMPILE, "extra characters after \\ at the"
error("extra characters after \\ at the"
" end of %c command", cmd->code);
cmd->t = compile_text();
break;
@ -262,7 +261,7 @@ nonsel: /* Now parse the command */
p++;
EATSPACE();
if (*p == '\0')
error(COMPILE, "filename expected");
error("filename expected");
cmd->t = duptoeol(p, "w command", NULL);
if (aflag) {
cmd->u.fd = -1;
@ -271,14 +270,14 @@ nonsel: /* Now parse the command */
else if ((cmd->u.fd = open(p,
O_WRONLY|O_APPEND|O_CREAT|O_TRUNC,
DEFFILEMODE)) == -1)
error(FATAL, "%s: %s", p, strerror(errno));
err(1, "%s", p);
break;
case RFILE: /* r */
pledge_rpath = 1;
p++;
EATSPACE();
if (*p == '\0')
error(COMPILE, "filename expected");
error("filename expected");
cmd->t = duptoeol(p, "read command", NULL);
break;
case BRANCH: /* b t */
@ -298,7 +297,7 @@ nonsel: /* Now parse the command */
EATSPACE();
cmd->t = duptoeol(p, "label", &p);
if (strlen(cmd->t) == 0)
error(COMPILE, "empty label");
error("empty label");
enterlabel(cmd);
if (*p == ';') {
p++;
@ -308,12 +307,12 @@ nonsel: /* Now parse the command */
case SUBST: /* s */
p++;
if (*p == '\0' || *p == '\\')
error(COMPILE, "substitute pattern can not be"
error("substitute pattern can not be"
" delimited by newline or backslash");
cmd->u.s = xmalloc(sizeof(struct s_subst));
p = compile_re(p, &cmd->u.s->re);
if (p == NULL)
error(COMPILE, "unterminated substitute pattern");
error("unterminated substitute pattern");
--p;
p = compile_subst(p, cmd->u.s);
p = compile_flags(p, cmd->u.s);
@ -334,7 +333,7 @@ nonsel: /* Now parse the command */
goto semicolon;
}
if (*p)
error(COMPILE, "extra text at the end of a"
error("extra text at the end of a"
" transform command");
break;
}
@ -359,9 +358,9 @@ compile_delimited(char *p, char *d)
if (c == '\0')
return (NULL);
else if (c == '\\')
error(COMPILE, "\\ can not be used as a string delimiter");
error("\\ can not be used as a string delimiter");
else if (c == '\n')
error(COMPILE, "newline can not be used as a string delimiter");
error("newline can not be used as a string delimiter");
while (p[0]) {
/* Unescaped delimiter: We are done. */
@ -393,7 +392,7 @@ compile_delimited(char *p, char *d)
* It may contain the delimiter without escaping.
*/
else if ((d = compile_ccl(&p, d)) == NULL)
error(COMPILE, "unbalanced brackets ([])");
error("unbalanced brackets ([])");
}
return NULL;
}
@ -453,7 +452,7 @@ compile_re(char *p, regex_t **repp)
}
*repp = xmalloc(sizeof(regex_t));
if (p && (eval = regcomp(*repp, re, Eflag ? REG_EXTENDED : 0)) != 0)
error(COMPILE, "RE error: %s", strregerror(eval, *repp));
error("RE error: %s", strregerror(eval, *repp));
if (maxnsub < (*repp)->re_nsub)
maxnsub = (*repp)->re_nsub;
free(re);
@ -519,8 +518,8 @@ compile_subst(char *p, struct s_subst *s)
ref = *p - '0';
if (s->re != NULL &&
ref > s->re->re_nsub)
error(COMPILE,
"\\%c not defined in the RE", *p);
error("\\%c not defined in the"
" RE", *p);
if (s->maxbref < ref)
s->maxbref = ref;
} else if (*p == '&' || *p == '\\')
@ -532,14 +531,14 @@ compile_subst(char *p, struct s_subst *s)
s->new = xrealloc(text, size);
return (p);
} else if (*p == '\n') {
error(COMPILE,
"unescaped newline inside substitute pattern");
error("unescaped newline inside substitute"
" pattern");
}
*sp++ = *p;
}
size += sp - op;
} while ((p = cu_getline(&lbuf, &bufsize)));
error(COMPILE, "unterminated substitute in regular expression");
error("unterminated substitute in regular expression");
}
/*
@ -560,7 +559,7 @@ compile_flags(char *p, struct s_subst *s)
switch (*p) {
case 'g':
if (gn)
error(COMPILE, "more than one number or 'g' in"
error("more than one number or 'g' in"
" substitute flags");
gn = 1;
s->n = 0;
@ -576,20 +575,20 @@ compile_flags(char *p, struct s_subst *s)
case '4': case '5': case '6':
case '7': case '8': case '9':
if (gn)
error(COMPILE, "more than one number or 'g' in"
error("more than one number or 'g' in"
" substitute flags");
gn = 1;
l = strtol(p, &p, 10);
if (l <= 0 || l >= INT_MAX)
error(COMPILE,
"number in substitute flags out of range");
error("number in substitute flags out of"
" range");
s->n = (int)l;
continue;
case 'w':
p++;
EATSPACE();
if (*p == '\0')
error(COMPILE, "filename expected");
error("filename expected");
s->wfile = duptoeol(p, "s command w flag", NULL);
*p = '\0';
if (aflag)
@ -597,11 +596,10 @@ compile_flags(char *p, struct s_subst *s)
else if ((s->wfd = open(s->wfile,
O_WRONLY|O_APPEND|O_CREAT|O_TRUNC,
DEFFILEMODE)) == -1)
error(FATAL, "%s: %s", s->wfile, strerror(errno));
err(1, "%s", s->wfile);
return (p);
default:
error(COMPILE,
"bad flag in substitute command: '%c'", *p);
error("bad flag in substitute command: '%c'", *p);
break;
}
p++;
@ -621,20 +619,20 @@ compile_tr(char *old, char **transtab)
memset(check, 0, sizeof(check));
delimiter = *old;
if (delimiter == '\\')
error(COMPILE, "\\ can not be used as a string delimiter");
error("\\ can not be used as a string delimiter");
else if (delimiter == '\n' || delimiter == '\0')
error(COMPILE, "newline can not be used as a string delimiter");
error("newline can not be used as a string delimiter");
new = old++;
do {
if ((new = strchr(new + 1, delimiter)) == NULL)
error(COMPILE, "unterminated transform source string");
error("unterminated transform source string");
} while (*(new - 1) == '\\' && *(new -2) != '\\');
*new = '\0';
end = new++;
do {
if ((end = strchr(end + 1, delimiter)) == NULL)
error(COMPILE, "unterminated transform target string");
error("unterminated transform target string");
} while (*(end -1) == '\\' && *(end -2) != '\\');
*end = '\0';
@ -649,24 +647,22 @@ compile_tr(char *old, char **transtab)
if (*old == 'n')
*old = '\n';
else if (*old != delimiter && *old != '\\')
error(COMPILE, "Unexpected character after "
"backslash");
error("Unexpected character after backslash");
}
if (*new == '\\') {
new++;
if (*new == 'n')
*new = '\n';
else if (*new != delimiter && *new != '\\')
error(COMPILE, "Unexpected character after "
"backslash");
error("Unexpected character after backslash");
}
if (check[(u_char) *old] == 1)
error(COMPILE, "Repeated character in source string");
error("Repeated character in source string");
check[(u_char) *old] = 1;
(*transtab)[(u_char) *old++] = *new++;
}
if (*old != '\0' || *new != '\0')
error(COMPILE, "transform strings are not the same length");
error("transform strings are not the same length");
return end + 1;
}
@ -724,7 +720,7 @@ compile_addr(char *p, struct s_addr *a)
case '/': /* Context address */
p = compile_re(p, &a->u.r);
if (p == NULL)
error(COMPILE, "unterminated regular expression");
error("unterminated regular expression");
a->type = AT_RE;
return (p);
@ -738,7 +734,7 @@ compile_addr(char *p, struct s_addr *a)
a->u.l = strtoul(p, &end, 10);
return (end);
default:
error(COMPILE, "expected context address");
error("expected context address");
return (NULL);
}
}
@ -798,7 +794,7 @@ fixuplabel(struct s_command *cp, struct s_command *end)
break;
}
if ((cp->u.c = findlabel(cp->t)) == NULL)
error(COMPILE, "undefined label '%s'", cp->t);
error("undefined label '%s'", cp->t);
free(cp->t);
break;
case '{':
@ -823,7 +819,7 @@ enterlabel(struct s_command *cp)
lhp = &labels[h & LHMASK];
for (lh = *lhp; lh != NULL; lh = lh->lh_next)
if (lh->lh_hash == h && strcmp(cp->t, lh->lh_cmd->t) == 0)
error(COMPILE, "duplicate label '%s'", cp->t);
error("duplicate label '%s'", cp->t);
lh = xmalloc(sizeof *lh);
lh->lh_next = *lhp;
lh->lh_hash = h;

8
usr.bin/sed/defs.h
View file

@ -1,4 +1,4 @@
/* $OpenBSD: defs.h,v 1.10 2022/12/26 19:16:02 jmc Exp $ */
/* $OpenBSD: defs.h,v 1.11 2024/07/17 20:57:15 millert Exp $ */
/*-
* Copyright (c) 1992 Diomidis Spinellis.
* Copyright (c) 1992, 1993
@ -133,12 +133,6 @@ typedef struct {
size_t blen; /* Backing memory length. */
} SPACE;
/*
* Error severity codes:
*/
#define FATAL 1 /* Exit immediately with 1 */
#define COMPILE 2 /* Print error, count and finish script */
/*
* Round up to the nearest multiple of _POSIX2_LINE_MAX
*/

6
usr.bin/sed/extern.h
View file

@ -1,4 +1,4 @@
/* $OpenBSD: extern.h,v 1.15 2024/06/18 00:32:22 millert Exp $ */
/* $OpenBSD: extern.h,v 1.16 2024/07/17 20:57:16 millert Exp $ */
/*-
* Copyright (c) 1992 Diomidis Spinellis.
* Copyright (c) 1992, 1993
@ -49,8 +49,8 @@ void cfclose(struct s_command *, struct s_command *);
void compile(void);
void cspace(SPACE *, const char *, size_t, enum e_spflag);
char *cu_getline(char **, size_t *);
__dead void error(int, const char *, ...);
void warning(const char *, ...);
__dead void error(const char *, ...) __attribute__((__format__ (printf, 1, 2)));
void warning(const char *, ...) __attribute__((__format__ (printf, 1, 2)));
int mf_getline(SPACE *, enum e_spflag);
int lastline(void);
void finish_file(void);

62
usr.bin/sed/main.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: main.c,v 1.45 2024/06/18 00:32:22 millert Exp $ */
/* $OpenBSD: main.c,v 1.47 2024/07/17 20:57:16 millert Exp $ */
/*-
* Copyright (c) 1992 Diomidis Spinellis.
@ -38,6 +38,7 @@
#include <sys/stat.h>
#include <ctype.h>
#include <err.h>
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
@ -166,10 +167,10 @@ main(int argc, char *argv[])
if (inplace != NULL) {
if (pledge("stdio rpath wpath cpath fattr chown", NULL) == -1)
error(FATAL, "pledge: %s", strerror(errno));
err(1, "pledge");
} else {
if (pledge("stdio rpath wpath cpath", NULL) == -1)
error(FATAL, "pledge: %s", strerror(errno));
err(1, "pledge");
}
/* First usage case; script is the first arg */
@ -184,27 +185,27 @@ main(int argc, char *argv[])
if (*argv) {
if (!pledge_wpath && inplace == NULL) {
if (pledge("stdio rpath", NULL) == -1)
error(FATAL, "pledge: %s", strerror(errno));
err(1, "pledge");
}
for (; *argv; argv++)
add_file(*argv);
} else {
if (!pledge_wpath && !pledge_rpath) {
if (pledge("stdio", NULL) == -1)
error(FATAL, "pledge: %s", strerror(errno));
err(1, "pledge");
} else if (pledge_rpath) {
if (pledge("stdio rpath", NULL) == -1)
error(FATAL, "pledge: %s", strerror(errno));
err(1, "pledge");
} else if (pledge_wpath) {
if (pledge("stdio wpath cpath", NULL) == -1)
error(FATAL, "pledge: %s", strerror(errno));
err(1, "pledge");
}
add_file(NULL);
}
process();
cfclose(prog, NULL);
if (fclose(stdout))
error(FATAL, "stdout: %s", strerror(errno));
err(1, "stdout");
exit (rval);
}
@ -234,8 +235,7 @@ again:
switch (script->type) {
case CU_FILE:
if ((f = fopen(script->s, "r")) == NULL)
error(FATAL,
"%s: %s", script->s, strerror(errno));
err(1, "%s", script->s);
fname = script->s;
state = ST_FILE;
goto again;
@ -310,7 +310,7 @@ finish_file(void)
fclose(infile);
if (*oldfname != '\0') {
if (rename(fname, oldfname) != 0) {
warning("rename()");
warn("rename %s to %s", fname, oldfname);
unlink(tmpfname);
exit(1);
}
@ -320,7 +320,11 @@ finish_file(void)
if (outfile != NULL && outfile != stdout)
fclose(outfile);
outfile = NULL;
rename(tmpfname, fname);
if (rename(tmpfname, fname) != 0) {
warn("rename %s to %s", tmpfname, fname);
unlink(tmpfname);
exit(1);
}
*tmpfname = '\0';
}
outfname = NULL;
@ -346,7 +350,7 @@ mf_getline(SPACE *sp, enum e_spflag spflag)
/* stdin? */
if (files->fname == NULL) {
if (inplace != NULL)
error(FATAL, "-i may not be used with stdin");
errx(1, "-i may not be used with stdin");
infile = stdin;
fname = "stdin";
outfile = stdout;
@ -377,34 +381,36 @@ mf_getline(SPACE *sp, enum e_spflag spflag)
}
fname = files->fname;
if (inplace != NULL) {
if (lstat(fname, &sb) != 0)
error(FATAL, "%s: %s", fname,
strerror(errno ? errno : EIO));
if (stat(fname, &sb) != 0)
err(1, "%s", fname);
if (!S_ISREG(sb.st_mode))
error(FATAL, "%s: %s %s", fname,
errx(1, "%s: %s %s", fname,
"in-place editing only",
"works for regular files");
if (*inplace != '\0') {
strlcpy(oldfname, fname,
(void)strlcpy(oldfname, fname,
sizeof(oldfname));
len = strlcat(oldfname, inplace,
sizeof(oldfname));
if (len > sizeof(oldfname))
error(FATAL, "%s: name too long", fname);
if (len >= sizeof(oldfname))
errc(1, ENAMETOOLONG, "%s", fname);
}
strlcpy(dirbuf, fname, sizeof(dirbuf));
len = strlcpy(dirbuf, fname, sizeof(dirbuf));
if (len >= sizeof(dirbuf))
errc(1, ENAMETOOLONG, "%s", fname);
len = snprintf(tmpfname, sizeof(tmpfname),
"%s/sedXXXXXXXXXX", dirname(dirbuf));
if (len >= sizeof(tmpfname))
error(FATAL, "%s: name too long", fname);
errc(1, ENAMETOOLONG, "%s", fname);
if ((fd = mkstemp(tmpfname)) == -1)
error(FATAL, "%s: %s", fname, strerror(errno));
err(1, "%s", fname);
(void)fchown(fd, sb.st_uid, sb.st_gid);
(void)fchmod(fd, sb.st_mode & ALLPERMS);
if ((outfile = fdopen(fd, "w")) == NULL) {
warn("%s", fname);
unlink(tmpfname);
error(FATAL, "%s", fname);
exit(1);
}
fchown(fileno(outfile), sb.st_uid, sb.st_gid);
fchmod(fileno(outfile), sb.st_mode & ALLPERMS);
outfname = tmpfname;
linenum = 0;
resetstate();
@ -413,7 +419,7 @@ mf_getline(SPACE *sp, enum e_spflag spflag)
outfname = "stdout";
}
if ((infile = fopen(fname, "r")) == NULL) {
warning("%s", strerror(errno));
warn("%s", fname);
rval = 1;
continue;
}
@ -429,7 +435,7 @@ mf_getline(SPACE *sp, enum e_spflag spflag)
*/
len = getline(&p, &psize, infile);
if ((ssize_t)len == -1)
error(FATAL, "%s: %s", fname, strerror(errno));
err(1, "%s", fname);
if (len != 0 && p[len - 1] == '\n') {
sp->append_newline = 1;
len--;

21
usr.bin/sed/misc.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: misc.c,v 1.12 2017/01/20 10:26:16 krw Exp $ */
/* $OpenBSD: misc.c,v 1.13 2024/07/17 20:57:16 millert Exp $ */
/*-
* Copyright (c) 1992 Diomidis Spinellis.
@ -35,7 +35,7 @@
#include <sys/types.h>
#include <errno.h>
#include <err.h>
#include <regex.h>
#include <stdio.h>
#include <stdlib.h>
@ -54,7 +54,7 @@ xmalloc(size_t size)
void *p;
if ((p = malloc(size)) == NULL)
error(FATAL, "%s", strerror(errno));
err(1, NULL);
return (p);
}
@ -64,7 +64,7 @@ xreallocarray(void *o, size_t nmemb, size_t size)
void *p;
if ((p = reallocarray(o, nmemb, size)) == NULL)
error(FATAL, "%s", strerror(errno));
err(1, NULL);
return (p);
}
@ -76,7 +76,7 @@ xrealloc(void *p, size_t size)
{
if ((p = realloc(p, size)) == NULL)
error(FATAL, "%s", strerror(errno));
err(1, NULL);
return (p);
}
@ -102,16 +102,12 @@ strregerror(int errcode, regex_t *preg)
* Error reporting function
*/
__dead void
error(int severity, const char *fmt, ...)
error(const char *fmt, ...)
{
va_list ap;
(void)fprintf(stderr, "sed: %lu: %s: ", linenum, fname);
va_start(ap, fmt);
(void)fprintf(stderr, "sed: ");
switch (severity) {
case COMPILE:
(void)fprintf(stderr, "%lu: %s: ", linenum, fname);
}
(void)vfprintf(stderr, fmt, ap);
va_end(ap);
(void)fprintf(stderr, "\n");
@ -123,9 +119,8 @@ warning(const char *fmt, ...)
{
va_list ap;
(void)fprintf(stderr, "sed: %lu: %s: ", linenum, fname);
va_start(ap, fmt);
(void)fprintf(stderr, "sed: ");
(void)fprintf(stderr, "%lu: %s: ", linenum, fname);
(void)vfprintf(stderr, fmt, ap);
va_end(ap);
(void)fprintf(stderr, "\n");

30
usr.bin/sed/process.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: process.c,v 1.36 2024/06/18 00:32:22 millert Exp $ */
/* $OpenBSD: process.c,v 1.37 2024/07/17 20:57:16 millert Exp $ */
/*-
* Copyright (c) 1992 Diomidis Spinellis.
@ -38,7 +38,7 @@
#include <sys/uio.h>
#include <ctype.h>
#include <errno.h>
#include <err.h>
#include <fcntl.h>
#include <limits.h>
#include <regex.h>
@ -226,12 +226,10 @@ redirect:
if (cp->u.fd == -1 && (cp->u.fd = open(cp->t,
O_WRONLY|O_APPEND|O_CREAT|O_TRUNC,
DEFFILEMODE)) == -1)
error(FATAL, "%s: %s",
cp->t, strerror(errno));
err(1, "%s", cp->t);
if ((size_t)write(cp->u.fd, ps, psl) != psl ||
write(cp->u.fd, "\n", 1) != 1)
error(FATAL, "%s: %s",
cp->t, strerror(errno));
err(1, "%s", cp->t);
break;
case 'x':
if (hs == NULL)
@ -346,8 +344,7 @@ substitute(struct s_command *cp)
if (re == NULL) {
if (defpreg != NULL && cp->u.s->maxbref > defpreg->re_nsub) {
linenum = cp->u.s->linenum;
error(COMPILE, "\\%d not defined in the RE",
cp->u.s->maxbref);
error("\\%d not defined in the RE", cp->u.s->maxbref);
}
}
if (!regexec_e(re, ps, 0, 0, 0, psl))
@ -431,10 +428,10 @@ substitute(struct s_command *cp)
if (cp->u.s->wfile && !pd) {
if (cp->u.s->wfd == -1 && (cp->u.s->wfd = open(cp->u.s->wfile,
O_WRONLY|O_APPEND|O_CREAT|O_TRUNC, DEFFILEMODE)) == -1)
error(FATAL, "%s: %s", cp->u.s->wfile, strerror(errno));
err(1, "%s", cp->u.s->wfile);
if ((size_t)write(cp->u.s->wfd, ps, psl) != psl ||
write(cp->u.s->wfd, "\n", 1) != 1)
error(FATAL, "%s: %s", cp->u.s->wfile, strerror(errno));
err(1, "%s", cp->u.s->wfile);
}
return (1);
}
@ -473,7 +470,7 @@ flush_appends(void)
break;
}
if (ferror(outfile))
error(FATAL, "%s: %s", outfname, strerror(errno ? errno : EIO));
err(1, "%s", outfname);
appendx = sdone = 0;
}
@ -513,7 +510,7 @@ lputs(char *s, size_t len)
(void)fputc('$', outfile);
(void)fputc('\n', outfile);
if (ferror(outfile))
error(FATAL, "%s: %s", outfname, strerror(errno ? errno : EIO));
err(1, "%s", outfname);
}
static inline int
@ -524,7 +521,7 @@ regexec_e(regex_t *preg, const char *string, int eflags,
if (preg == NULL) {
if (defpreg == NULL)
error(FATAL, "first RE may not be empty");
errx(1, "first RE may not be empty");
} else
defpreg = preg;
@ -540,7 +537,7 @@ regexec_e(regex_t *preg, const char *string, int eflags,
case REG_NOMATCH:
return (0);
}
error(FATAL, "RE error: %s", strregerror(eval, defpreg));
errx(1, "RE error: %s", strregerror(eval, defpreg));
}
/*
@ -624,13 +621,12 @@ cfclose(struct s_command *cp, struct s_command *end)
switch (cp->code) {
case 's':
if (cp->u.s->wfd != -1 && close(cp->u.s->wfd))
error(FATAL,
"%s: %s", cp->u.s->wfile, strerror(errno));
err(1, "%s", cp->u.s->wfile);
cp->u.s->wfd = -1;
break;
case 'w':
if (cp->u.fd != -1 && close(cp->u.fd))
error(FATAL, "%s: %s", cp->t, strerror(errno));
err(1, "%s", cp->t);
cp->u.fd = -1;
break;
case '{':

6
usr.bin/ssh/ssh.1
View file

@ -33,8 +33,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" $OpenBSD: ssh.1,v 1.442 2024/06/27 21:02:16 jmc Exp $
.Dd $Mdocdate: June 27 2024 $
.\" $OpenBSD: ssh.1,v 1.443 2024/07/18 01:47:27 djm Exp $
.Dd $Mdocdate: July 18 2024 $
.Dt SSH 1
.Os
.Sh NAME
@ -490,6 +490,8 @@ Valid commands are:
(request forwardings without command execution),
.Dq cancel
(cancel forwardings),
.Dq proxy
(connect to a running multiplexing master in proxy mode),
.Dq exit
(request the master to exit), and
.Dq stop

4
usr.sbin/npppd/npppd/parse.y
View file

@ -1,4 +1,4 @@
/* $OpenBSD: parse.y,v 1.29 2024/07/11 14:05:59 yasuoka Exp $ */
/* $OpenBSD: parse.y,v 1.30 2024/07/17 08:26:19 yasuoka Exp $ */
/*
* Copyright (c) 2002, 2003, 2004 Henning Brauer <henning@openbsd.org>
@ -1543,7 +1543,7 @@ npppd_conf_fini(struct npppd_conf *xconf)
TAILQ_FOREACH_SAFE(radc, &xconf->raddaeclientconfs, entry, radct)
free(radc);
TAILQ_FOREACH_SAFE(radl, &xconf->raddaelistenconfs, entry, radlt)
free(radl);
free(radl);
TAILQ_INIT(&xconf->l2tp_confs);
TAILQ_INIT(&xconf->pptp_confs);
TAILQ_INIT(&xconf->pppoe_confs);

39
usr.sbin/radiusd/radiusd.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: radiusd.c,v 1.50 2024/07/14 15:31:49 yasuoka Exp $ */
/* $OpenBSD: radiusd.c,v 1.51 2024/07/17 11:05:11 yasuoka Exp $ */
/*
* Copyright (c) 2013, 2023 Internet Initiative Japan Inc.
@ -811,36 +811,10 @@ radius_query_client_secret(struct radius_query *q)
void
radiusd_access_request_answer(struct radius_query *q)
{
const char *authen_secret = q->authen->auth->module->secret;
radius_set_request_packet(q->res, q->req);
if (authen_secret == NULL) {
/*
* The module diddn't check the authenticators
*/
if (radius_check_response_authenticator(q->res,
q->client->secret) != 0) {
log_info("Response from module has bad response "
"authenticator: id=%d", q->id);
goto on_error;
}
if (radius_has_attr(q->res,
RADIUS_TYPE_MESSAGE_AUTHENTICATOR) &&
radius_check_message_authenticator(q->res,
q->client->secret) != 0) {
log_info("Response from module has bad message "
"authenticator: id=%d", q->id);
goto on_error;
}
}
RADIUSD_ASSERT(q->deco == NULL);
radius_query_access_response(q);
return;
on_error:
radiusd_access_request_aborted(q);
radius_query_access_response(q);
}
void
@ -1535,8 +1509,8 @@ radiusd_module_imsg(struct radiusd_module *module, struct imsg *imsg)
case IMSG_RADIUSD_MODULE_REQDECO_DONE:
if (q->deco == NULL || q->deco->type !=
IMSG_RADIUSD_MODULE_REQDECO) {
log_warnx("q=%u received %s "
"but not requested", q->id, typestr);
log_warnx("q=%u received %s but not "
"requested", q->id, typestr);
if (radpkt != NULL)
radius_delete_packet(radpkt);
break;
@ -1791,9 +1765,8 @@ radiusd_module_access_request(struct radiusd_module *module,
radiusd_access_request_aborted(q);
return;
}
if (q->client->secret[0] != '\0' && module->secret != NULL &&
radius_get_user_password_attr(radpkt, pass, sizeof(pass),
q->client->secret) == 0) {
if (radius_get_user_password_attr(radpkt, pass, sizeof(pass),
q->client->secret) == 0) {
radius_del_attr_all(radpkt, RADIUS_TYPE_USER_PASSWORD);
(void)radius_put_raw_attr(radpkt, RADIUS_TYPE_USER_PASSWORD,
pass, strlen(pass));

18
usr.sbin/radiusd/radiusd.conf.5
View file

@ -1,4 +1,4 @@
.\" $OpenBSD: radiusd.conf.5,v 1.32 2024/07/14 18:03:59 jmc Exp $
.\" $OpenBSD: radiusd.conf.5,v 1.34 2024/07/18 00:28:53 yasuoka Exp $
.\"
.\" Copyright (c) 2014 Esdenera Networks GmbH
.\" Copyright (c) 2014, 2023 Internet Initiative Japan Inc.
@ -15,7 +15,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.Dd $Mdocdate: July 14 2024 $
.Dd $Mdocdate: July 18 2024 $
.Dt RADIUSD.CONF 5
.Os
.Sh NAME
@ -92,6 +92,8 @@ See
The
.Dq file
module provides authentication by a local file.
See
.Xr radiusd_file 8 .
.It Do ipcp Dc module
The
.Dq ipcp
@ -154,6 +156,18 @@ Optionally decoration modules can be specified by
.Ar deco .
The specified modules decorate the RADIUS messages in the configured order.
.It Xo
.Ic authentication-filter
.Ar username-pattern ...
.Ic by Ar auth
.Op Ic decorate-by Ar deco ...
.Xc
.Ic authentication-filter
works the same as
.Ic authenticate ,
but the module can work as a filter,
it can ask the authentication to the following authentication modules,
and then it receives the authentication reply and modifies the reply.
.It Xo
.Ic account
.Op Ic quick
.Ar username-pattern ...

3
usr.sbin/radiusd/radiusd/Makefile
View file

@ -1,4 +1,5 @@
# $OpenBSD: Makefile,v 1.3 2024/07/14 15:31:49 yasuoka Exp $
# $OpenBSD: Makefile,v 1.4 2024/07/17 11:20:24 deraadt Exp $
PROG= radiusd
BINDIR= /usr/sbin
MAN= radiusd.8 radiusd.conf.5

9
usr.sbin/radiusd/radiusd_eap2mschap.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: radiusd_eap2mschap.c,v 1.1 2024/07/14 16:09:23 yasuoka Exp $ */
/* $OpenBSD: radiusd_eap2mschap.c,v 1.2 2024/07/17 11:19:27 yasuoka Exp $ */
/*
* Copyright (c) 2024 Internet Initiative Japan Inc.
@ -119,7 +119,12 @@ eap2mschap_config_set(void *ctx, const char *name, int argc,
} else if (strcmp(name, "_debug") == 0)
log_init(1);
else if (strncmp(name, "_", 1) == 0)
/* ignore */;
/* ignore all internal messages */;
else {
module_send_message(self->base, IMSG_NG,
"Unknown config parameter `%s'", name);
return;
}
module_send_message(self->base, IMSG_OK, NULL);
return;

3
usr.sbin/radiusd/radiusd_eap2mschap/Makefile
View file

@ -1,4 +1,5 @@
# $OpenBSD: Makefile,v 1.1 2024/07/14 16:09:23 yasuoka Exp $
# $OpenBSD: Makefile,v 1.2 2024/07/17 11:20:24 deraadt Exp $
PROG= radiusd_eap2mschap
BINDIR= /usr/libexec/radiusd
SRCS= radiusd_eap2mschap.c radiusd_module.c radius_subr.c log.c

3
usr.sbin/radiusd/radiusd_file.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: radiusd_file.c,v 1.2 2024/07/14 15:13:41 yasuoka Exp $ */
/* $OpenBSD: radiusd_file.c,v 1.3 2024/07/17 10:15:39 yasuoka Exp $ */
/*
* Copyright (c) 2024 YASUOKA Masahiko <yasuoka@yasuoka.net>
@ -405,7 +405,6 @@ auth_pap(struct module_file *self, u_int q_id, RADIUS_PACKET *radpkt,
return;
}
ret = strcmp(ent->password, pass);
log_info("%s %s", ent->password, pass);
explicit_bzero(ent->password, strlen(ent->password));
log_info("q=%u User `%s' authentication %s (PAP)", q_id, username,
(ret == 0)? "succeeded" : "failed");

4
usr.sbin/radiusd/radiusd_ipcp.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: radiusd_ipcp.c,v 1.4 2024/07/12 15:54:52 yasuoka Exp $ */
/* $OpenBSD: radiusd_ipcp.c,v 1.5 2024/07/17 11:31:46 yasuoka Exp $ */
/*
* Copyright (c) 2024 Internet Initiative Japan Inc.
@ -972,7 +972,7 @@ ipcp_accounting_request(void *ctx, u_int q_id, const u_char *pkt,
struct module_ipcp *self = ctx;
struct assigned_ipv4 *assign, *assignt;
char username[256], nas_id[256], buf[256],
buf1[80];
buf1[384];
struct timespec dur;
struct radiusd_ipcp_statistics
stat;

4
usr.sbin/radiusd/radiusd_local.h
View file

@ -1,4 +1,4 @@
/* $OpenBSD: radiusd_local.h,v 1.15 2024/07/14 15:31:49 yasuoka Exp $ */
/* $OpenBSD: radiusd_local.h,v 1.16 2024/07/17 11:31:46 yasuoka Exp $ */
/*
* Copyright (c) 2013 Internet Initiative Japan Inc.
@ -160,7 +160,7 @@ extern struct radiusd *radiusd_s;
#ifdef RADIUSD_DEBUG
#define RADIUSD_DBG(x) log_debug x
#else
#define RADIUSD_DBG(x)
#define RADIUSD_DBG(x) ((void)0)
#endif
#define RADIUSD_ASSERT(_cond) \
do { \

4
usr.sbin/radiusd/radiusd_standard/Makefile
View file

@ -1,10 +1,10 @@
# $OpenBSD: Makefile,v 1.4 2024/07/17 11:20:24 deraadt Exp $
# $OpenBSD: Makefile,v 1.3 2024/07/02 16:18:11 deraadt Exp $
PROG= radiusd_standard
BINDIR= /usr/libexec/radiusd
SRCS= radiusd_standard.c radiusd_module.c
LDADD= -lradius -lcrypto -lutil
DPADD= ${LIBRADIUS} ${LIBCRYPTO} ${LIBUTIL}
DPADD= ${LIBRADIUS} ${LIBCRYPTO} ${LIBUTIL}
MAN= radiusd_standard.8
.include <bsd.prog.mk>