From d1109c2ac1c56397bec4ff04975b1de263d26d5f Mon Sep 17 00:00:00 2001 From: purplerain Date: Thu, 18 Jul 2024 16:18:12 +0000 Subject: [PATCH] sync with OpenBSD -current --- lib/libc/sys/getrusage.2 | 11 +- lib/libc/sys/link.2 | 10 +- libexec/login_radius/Makefile | 6 +- libexec/login_radius/raddauth.c | 37 +- regress/lib/libssl/ciphers/cipherstest.c | 759 ++++++++++++++++++- sbin/iked/radius.c | 16 +- share/man/man4/speaker.4 | 6 +- sys/arch/arm64/arm64/autoconf.c | 4 +- sys/arch/arm64/arm64/cpu.c | 36 +- sys/arch/arm64/arm64/machdep.c | 27 +- sys/arch/arm64/include/cpu.h | 5 +- sys/net/pf_ioctl.c | 4 +- sys/sys/proc.h | 6 +- usr.bin/sed/compile.c | 100 ++- usr.bin/sed/defs.h | 8 +- usr.bin/sed/extern.h | 6 +- usr.bin/sed/main.c | 62 +- usr.bin/sed/misc.c | 21 +- usr.bin/sed/process.c | 30 +- usr.bin/ssh/ssh.1 | 6 +- usr.sbin/npppd/npppd/parse.y | 4 +- usr.sbin/radiusd/radiusd.c | 39 +- usr.sbin/radiusd/radiusd.conf.5 | 18 +- usr.sbin/radiusd/radiusd/Makefile | 3 +- usr.sbin/radiusd/radiusd_eap2mschap.c | 9 +- usr.sbin/radiusd/radiusd_eap2mschap/Makefile | 3 +- usr.sbin/radiusd/radiusd_file.c | 3 +- usr.sbin/radiusd/radiusd_ipcp.c | 4 +- usr.sbin/radiusd/radiusd_local.h | 4 +- usr.sbin/radiusd/radiusd_standard/Makefile | 4 +- 30 files changed, 1016 insertions(+), 235 deletions(-) diff --git a/lib/libc/sys/getrusage.2 b/lib/libc/sys/getrusage.2 index aeaf5c9d1..35eccf70b 100644 --- a/lib/libc/sys/getrusage.2 +++ b/lib/libc/sys/getrusage.2 @@ -1,4 +1,4 @@ -.\" $OpenBSD: getrusage.2,v 1.17 2015/02/28 21:51:57 bentley Exp $ +.\" $OpenBSD: getrusage.2,v 1.18 2024/07/17 13:29:05 claudio Exp $ .\" .\" Copyright (c) 1985, 1991, 1993 .\" The Regents of the University of California. All rights reserved. @@ -29,7 +29,7 @@ .\" .\" @(#)getrusage.2 8.1 (Berkeley) 6/4/93 .\" -.Dd $Mdocdate: February 28 2015 $ +.Dd $Mdocdate: July 17 2024 $ .Dt GETRUSAGE 2 .Os .Sh NAME 
@@ -48,7 +48,10 @@ which can be one of the following:
 .It Dv RUSAGE_SELF
 Resources used by the current process.
 .It Dv RUSAGE_CHILDREN
-Resources used by all the terminated children of the current process.
+Resources used by all the terminated children of the current process which
+were waited upon.
+If the child is never waited for, the resource information for the child
+process is discarded.
 .It Dv RUSAGE_THREAD
 Resources used by the current thread.
 .El
@@ -186,4 +189,4 @@ flag has been available since
 .Ox 4.8 .
 .Sh BUGS
 There is no way to obtain information about a child process
-that has not yet terminated.
+that has not yet terminated or has not been waited for by the parent.
diff --git a/lib/libc/sys/link.2 b/lib/libc/sys/link.2
index 4d6f9f1ab..0047f6e1f 100644
--- a/lib/libc/sys/link.2
+++ b/lib/libc/sys/link.2
@@ -1,4 +1,4 @@
-.\" $OpenBSD: link.2,v 1.30 2024/03/25 17:57:07 guenther Exp $
+.\" $OpenBSD: link.2,v 1.31 2024/07/18 15:38:57 millert Exp $
 .\" $NetBSD: link.2,v 1.7 1995/02/27 12:34:01 cgd Exp $
 .\"
 .\" Copyright (c) 1980, 1991, 1993
@@ -30,7 +30,7 @@
 .\"
 .\" @(#)link.2 8.3 (Berkeley) 1/12/94
 .\"
-.Dd $Mdocdate: March 25 2024 $
+.Dd $Mdocdate: July 18 2024 $
 .Dt LINK 2
 .Os
 .Sh NAME
@@ -65,15 +65,13 @@ is removed, the file
 .Fa name2
 is not deleted and the link count of the underlying object is decremented.
 .Pp
+For the hard link to succeed,
 .Fa name1
-must exist for the hard link to succeed and both
+must exist and not be a directory, and both
 .Fa name1
 and
 .Fa name2
 must be in the same file system.
-As mandated by POSIX.1
-.Fa name1
-may not be a directory.
 .Pp
 The
 .Fn linkat
diff --git a/libexec/login_radius/Makefile b/libexec/login_radius/Makefile
index fb9f330ec..4d350b234 100644
--- a/libexec/login_radius/Makefile
+++ b/libexec/login_radius/Makefile
@@ -1,10 +1,10 @@ -# $OpenBSD: Makefile,v 1.2 2002/11/21 22:26:32 millert Exp $ +# $OpenBSD: Makefile,v 1.3 2024/07/17 20:50:28 yasuoka Exp $ PROG= login_radius SRCS= login_radius.c raddauth.c MAN= login_radius.8 -DPADD= ${LIBUTIL} -LDADD= -lutil +DPADD= ${LIBUTIL} ${LIBCRYPTO} +LDADD= -lutil -lcrypto CFLAGS+=-Wall BINOWN= root diff --git a/libexec/login_radius/raddauth.c b/libexec/login_radius/raddauth.c index 3d3a67961..6625203dd 100644 --- a/libexec/login_radius/raddauth.c +++ b/libexec/login_radius/raddauth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: raddauth.c,v 1.31 2023/03/02 16:13:57 millert Exp $ */ +/* $OpenBSD: raddauth.c,v 1.33 2024/07/18 02:45:31 yasuoka Exp $ */ /*- * Copyright (c) 1996, 1997 Berkeley Software Design, Inc. All rights reserved. @@ -84,8 +84,9 @@ #include #include #include -#include #include +#include +#include #include "login_radius.h" @@ -95,6 +96,7 @@ #define AUTH_VECTOR_LEN 16 #define AUTH_HDR_LEN 20 #define AUTH_PASS_LEN (256 - 16) +#define AUTH_MSGAUTH_LEN 16 #define PW_AUTHENTICATION_REQUEST 1 #define PW_AUTHENTICATION_ACK 2 #define PW_AUTHENTICATION_REJECT 3 @@ -105,6 +107,7 @@ #define PW_CLIENT_PORT_ID 5 #define PW_PORT_MESSAGE 18 #define PW_STATE 24 +#define PW_MSG_AUTH 80 #ifndef RADIUS_DIR #define RADIUS_DIR "/etc/raddb" @@ -347,7 +350,7 @@ rad_request(u_char id, char *name, char *password, int port, char *vector, int i, len, secretlen, total_length, p; struct sockaddr_in sin; u_char md5buf[MAXSECRETLEN+AUTH_VECTOR_LEN], digest[AUTH_VECTOR_LEN], - pass_buf[AUTH_PASS_LEN], *pw, *ptr; + pass_buf[AUTH_PASS_LEN], *pw, *ptr, *ma; u_int length; in_addr_t ipaddr; MD5_CTX context; 
@@ -359,6 +362,15 @@ rad_request(u_char id, char *name, char *password, int port, char *vector, total_length = AUTH_HDR_LEN; ptr = auth.data; + /* Preserve space for msgauth */ + *ptr++ = PW_MSG_AUTH; + length = 16; + *ptr++ = length + 2; + ma = ptr; + memset(ma, 0, 16); + ptr += length; + total_length += length + 2; + /* User name */ *ptr++ = PW_USER_NAME; length = strlen(name); @@ -391,9 +403,9 @@ rad_request(u_char id, char *name, char *password, int port, char *vector, /* XOR the password into the md5 digest */ pw = pass_buf; while (p-- > 0) { - MD5Init(&context); - MD5Update(&context, md5buf, secretlen + AUTH_VECTOR_LEN); - MD5Final(digest, &context); + MD5_Init(&context); + MD5_Update(&context, md5buf, secretlen + AUTH_VECTOR_LEN); + MD5_Final(digest, &context); for (i = 0; i < AUTH_VECTOR_LEN; ++i) { *ptr = digest[i] ^ *pw; md5buf[secretlen+i] = *ptr++; @@ -431,6 +443,11 @@ rad_request(u_char id, char *name, char *password, int port, char *vector, auth.length = htons(total_length); + /* Calc msgauth */ + if (HMAC(EVP_md5(), auth_secret, secretlen, (unsigned char *)&auth, + total_length, ma, NULL) == NULL) + errx(1, "HMAC() failed"); + memset(&sin, 0, sizeof (sin)); sin.sin_family = AF_INET; sin.sin_addr.s_addr = auth_server; @@ -473,10 +490,10 @@ rad_recv(char *state, char *challenge, u_char *req_vector) /* verify server's shared secret */ memcpy(recv_vector, auth.vector, AUTH_VECTOR_LEN); memcpy(auth.vector, req_vector, AUTH_VECTOR_LEN); - MD5Init(&context); - MD5Update(&context, (u_char *)&auth, ntohs(auth.length)); - MD5Update(&context, auth_secret, strlen(auth_secret)); - MD5Final(test_vector, &context); + MD5_Init(&context); + MD5_Update(&context, (u_char *)&auth, ntohs(auth.length)); + MD5_Update(&context, auth_secret, strlen(auth_secret)); + MD5_Final(test_vector, &context); if (memcmp(recv_vector, test_vector, AUTH_VECTOR_LEN) != 0) errx(1, "shared secret incorrect"); 
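Review bot: The Message-Authenticator reservation in rad_request() hard-codes `16` twice (`length = 16;` and `memset(ma, 0, 16);`) although this commit defines `AUTH_MSGAUTH_LEN` for that size, and no visible hunk uses the macro. Writing `length = AUTH_MSGAUTH_LEN;` and `memset(ma, 0, AUTH_MSGAUTH_LEN);` ties the attribute length, the zeroed region and the HMAC output later written through `ma` to one definition. The existing comment could also say why the field is zeroed, e.g. `/* Reserve msgauth; must be zero while the HMAC over the finished packet is computed */`. The function body starts and ends outside this hunk, so whether `auth.data` has room for the extra 18 bytes cannot be checked from here.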
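Review bot: The reply check in rad_recv() compares secret-derived digests with `memcmp(recv_vector, test_vector, AUTH_VECTOR_LEN)`, whose run time depends on where the first mismatch occurs; `if (timingsafe_bcmp(recv_vector, test_vector, AUTH_VECTOR_LEN) != 0)` avoids that. In the visible lines the reply is also accepted on the MD5 response authenticator alone, even though the request side now sends a Message-Authenticator. If the rest of the function (outside this hunk) does not look for that attribute in the response, verifying it with the same HMAC-MD5 construction would close the gap. The length fed to `MD5_Update()` comes from `ntohs(auth.length)` in the received packet, so it is worth confirming that the code before this hunk bounds it against the number of bytes actually received.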
diff --git a/regress/lib/libssl/ciphers/cipherstest.c b/regress/lib/libssl/ciphers/cipherstest.c index e1411d682..97ad2be2b 100644 --- a/regress/lib/libssl/ciphers/cipherstest.c +++ b/regress/lib/libssl/ciphers/cipherstest.c @@ -1,3 +1,4 @@ +/* $OpenBSD: cipherstest.c,v 1.15 2024/07/17 15:22:56 tb Exp $ */ /* * Copyright (c) 2015, 2020 Joel Sing * @@ -14,6 +15,8 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ +#include +#include #include #include 
@@ -67,16 +70,674 @@ check_cipher_order(void) return 0; } +struct ssl_cipher_test { + uint16_t value; + int auth_nid; + int cipher_nid; + int digest_nid; + int handshake_digest_nid; + int kx_nid; + int strength_bits; + int symmetric_bits; + int is_aead; +}; + +static const struct ssl_cipher_test ssl_cipher_tests[] = { + { + .value = 0x0004, + .auth_nid = NID_auth_rsa, + .cipher_nid = NID_rc4, + .digest_nid = NID_md5, + .handshake_digest_nid = NID_sha256, + .kx_nid = NID_kx_rsa, + .strength_bits = 128, + .symmetric_bits = 128, + }, + { + .value = 0x0005, + .auth_nid = NID_auth_rsa, + .cipher_nid = NID_rc4, + .digest_nid = NID_sha1, + .handshake_digest_nid = NID_sha256, + .kx_nid = NID_kx_rsa, + .strength_bits = 128, + .symmetric_bits = 128, + }, + { + .value = 0x000a, + .auth_nid = NID_auth_rsa, + .cipher_nid = NID_des_ede3_cbc, + .digest_nid = NID_sha1, + .handshake_digest_nid = NID_sha256, + .kx_nid = NID_kx_rsa, + .strength_bits = 112, + .symmetric_bits = 168, + }, + { + .value = 0x0016, + .auth_nid = NID_auth_rsa, + .cipher_nid = NID_des_ede3_cbc, + .digest_nid = NID_sha1, + .handshake_digest_nid = NID_sha256, + .kx_nid = NID_kx_dhe, + .strength_bits = 112, + .symmetric_bits = 168, + }, + { + .value = 0x0018, + .auth_nid = NID_auth_null, + .cipher_nid = NID_rc4, + .digest_nid = NID_md5, + .handshake_digest_nid = NID_sha256, + .kx_nid = NID_kx_dhe, + .strength_bits = 128, + .symmetric_bits = 128, + }, + { + .value = 0x001b, + .auth_nid = NID_auth_null, + .cipher_nid = NID_des_ede3_cbc, + .digest_nid = NID_sha1, + .handshake_digest_nid = NID_sha256, + .kx_nid = NID_kx_dhe, + .strength_bits = 112, + .symmetric_bits = 168, + }, + { + .value = 0x002f, + .auth_nid = NID_auth_rsa, + .cipher_nid = NID_aes_128_cbc, + .digest_nid = NID_sha1, + .handshake_digest_nid = NID_sha256, + .kx_nid = NID_kx_rsa, + .strength_bits = 128, + .symmetric_bits = 128, + }, + { + .value = 0x0033, + .auth_nid = NID_auth_rsa, + .cipher_nid = NID_aes_128_cbc, + .digest_nid = NID_sha1, + 
.handshake_digest_nid = NID_sha256, + .kx_nid = NID_kx_dhe, + .strength_bits = 128, + .symmetric_bits = 128, + }, + { + .value = 0x0034, + .auth_nid = NID_auth_null, + .cipher_nid = NID_aes_128_cbc, + .digest_nid = NID_sha1, + .handshake_digest_nid = NID_sha256, + .kx_nid = NID_kx_dhe, + .strength_bits = 128, + .symmetric_bits = 128, + }, + { + .value = 0x0035, + .auth_nid = NID_auth_rsa, + .cipher_nid = NID_aes_256_cbc, + .digest_nid = NID_sha1, + .handshake_digest_nid = NID_sha256, + .kx_nid = NID_kx_rsa, + .strength_bits = 256, + .symmetric_bits = 256, + }, + { + .value = 0x0039, + .auth_nid = NID_auth_rsa, + .cipher_nid = NID_aes_256_cbc, + .digest_nid = NID_sha1, + .handshake_digest_nid = NID_sha256, + .kx_nid = NID_kx_dhe, + .strength_bits = 256, + .symmetric_bits = 256, + }, + { + .value = 0x003a, + .auth_nid = NID_auth_null, + .cipher_nid = NID_aes_256_cbc, + .digest_nid = NID_sha1, + .handshake_digest_nid = NID_sha256, + .kx_nid = NID_kx_dhe, + .strength_bits = 256, + .symmetric_bits = 256, + }, + { + .value = 0x003c, + .auth_nid = NID_auth_rsa, + .cipher_nid = NID_aes_128_cbc, + .digest_nid = NID_sha256, + .handshake_digest_nid = NID_sha256, + .kx_nid = NID_kx_rsa, + .strength_bits = 128, + .symmetric_bits = 128, + }, + { + .value = 0x003d, + .auth_nid = NID_auth_rsa, + .cipher_nid = NID_aes_256_cbc, + .digest_nid = NID_sha256, + .handshake_digest_nid = NID_sha256, + .kx_nid = NID_kx_rsa, + .strength_bits = 256, + .symmetric_bits = 256, + }, + { + .value = 0x0041, + .auth_nid = NID_auth_rsa, + .cipher_nid = NID_camellia_128_cbc, + .digest_nid = NID_sha1, + .handshake_digest_nid = NID_sha256, + .kx_nid = NID_kx_rsa, + .strength_bits = 128, + .symmetric_bits = 128, + }, + { + .value = 0x0045, + .auth_nid = NID_auth_rsa, + .cipher_nid = NID_camellia_128_cbc, + .digest_nid = NID_sha1, + .handshake_digest_nid = NID_sha256, + .kx_nid = NID_kx_dhe, + .strength_bits = 128, + .symmetric_bits = 128, + }, + { + .value = 0x0046, + .auth_nid = NID_auth_null, + 
.cipher_nid = NID_camellia_128_cbc, + .digest_nid = NID_sha1, + .handshake_digest_nid = NID_sha256, + .kx_nid = NID_kx_dhe, + .strength_bits = 128, + .symmetric_bits = 128, + }, + { + .value = 0x0067, + .auth_nid = NID_auth_rsa, + .cipher_nid = NID_aes_128_cbc, + .digest_nid = NID_sha256, + .handshake_digest_nid = NID_sha256, + .kx_nid = NID_kx_dhe, + .strength_bits = 128, + .symmetric_bits = 128, + }, + { + .value = 0x006b, + .auth_nid = NID_auth_rsa, + .cipher_nid = NID_aes_256_cbc, + .digest_nid = NID_sha256, + .handshake_digest_nid = NID_sha256, + .kx_nid = NID_kx_dhe, + .strength_bits = 256, + .symmetric_bits = 256, + }, + { + .value = 0x006c, + .auth_nid = NID_auth_null, + .cipher_nid = NID_aes_128_cbc, + .digest_nid = NID_sha256, + .handshake_digest_nid = NID_sha256, + .kx_nid = NID_kx_dhe, + .strength_bits = 128, + .symmetric_bits = 128, + }, + { + .value = 0x006d, + .auth_nid = NID_auth_null, + .cipher_nid = NID_aes_256_cbc, + .digest_nid = NID_sha256, + .handshake_digest_nid = NID_sha256, + .kx_nid = NID_kx_dhe, + .strength_bits = 256, + .symmetric_bits = 256, + }, + { + .value = 0x0084, + .auth_nid = NID_auth_rsa, + .cipher_nid = NID_camellia_256_cbc, + .digest_nid = NID_sha1, + .handshake_digest_nid = NID_sha256, + .kx_nid = NID_kx_rsa, + .strength_bits = 256, + .symmetric_bits = 256, + }, + { + .value = 0x0088, + .auth_nid = NID_auth_rsa, + .cipher_nid = NID_camellia_256_cbc, + .digest_nid = NID_sha1, + .handshake_digest_nid = NID_sha256, + .kx_nid = NID_kx_dhe, + .strength_bits = 256, + .symmetric_bits = 256, + }, + { + .value = 0x0089, + .auth_nid = NID_auth_null, + .cipher_nid = NID_camellia_256_cbc, + .digest_nid = NID_sha1, + .handshake_digest_nid = NID_sha256, + .kx_nid = NID_kx_dhe, + .strength_bits = 256, + .symmetric_bits = 256, + }, + { + .value = 0x009c, + .auth_nid = NID_auth_rsa, + .cipher_nid = NID_aes_128_gcm, + .digest_nid = NID_undef, + .handshake_digest_nid = NID_sha256, + .kx_nid = NID_kx_rsa, + .strength_bits = 128, + 
.symmetric_bits = 128, + .is_aead = 1, + }, + { + .value = 0x009d, + .auth_nid = NID_auth_rsa, + .cipher_nid = NID_aes_256_gcm, + .digest_nid = NID_undef, + .handshake_digest_nid = NID_sha384, + .kx_nid = NID_kx_rsa, + .strength_bits = 256, + .symmetric_bits = 256, + .is_aead = 1, + }, + { + .value = 0x009e, + .auth_nid = NID_auth_rsa, + .cipher_nid = NID_aes_128_gcm, + .digest_nid = NID_undef, + .handshake_digest_nid = NID_sha256, + .kx_nid = NID_kx_dhe, + .strength_bits = 128, + .symmetric_bits = 128, + .is_aead = 1, + }, + { + .value = 0x009f, + .auth_nid = NID_auth_rsa, + .cipher_nid = NID_aes_256_gcm, + .digest_nid = NID_undef, + .handshake_digest_nid = NID_sha384, + .kx_nid = NID_kx_dhe, + .strength_bits = 256, + .symmetric_bits = 256, + .is_aead = 1, + }, + { + .value = 0x00a6, + .auth_nid = NID_auth_null, + .cipher_nid = NID_aes_128_gcm, + .digest_nid = NID_undef, + .handshake_digest_nid = NID_sha256, + .kx_nid = NID_kx_dhe, + .strength_bits = 128, + .symmetric_bits = 128, + .is_aead = 1, + }, + { + .value = 0x00a7, + .auth_nid = NID_auth_null, + .cipher_nid = NID_aes_256_gcm, + .digest_nid = NID_undef, + .handshake_digest_nid = NID_sha384, + .kx_nid = NID_kx_dhe, + .strength_bits = 256, + .symmetric_bits = 256, + .is_aead = 1, + }, + { + .value = 0x00ba, + .auth_nid = NID_auth_rsa, + .cipher_nid = NID_camellia_128_cbc, + .digest_nid = NID_sha256, + .handshake_digest_nid = NID_sha256, + .kx_nid = NID_kx_rsa, + .strength_bits = 128, + .symmetric_bits = 128, + }, + { + .value = 0x00be, + .auth_nid = NID_auth_rsa, + .cipher_nid = NID_camellia_128_cbc, + .digest_nid = NID_sha256, + .handshake_digest_nid = NID_sha256, + .kx_nid = NID_kx_dhe, + .strength_bits = 128, + .symmetric_bits = 128, + }, + { + .value = 0x00bf, + .auth_nid = NID_auth_null, + .cipher_nid = NID_camellia_128_cbc, + .digest_nid = NID_sha256, + .handshake_digest_nid = NID_sha256, + .kx_nid = NID_kx_dhe, + .strength_bits = 128, + .symmetric_bits = 128, + }, + { + .value = 0x00c0, + .auth_nid = 
NID_auth_rsa, + .cipher_nid = NID_camellia_256_cbc, + .digest_nid = NID_sha256, + .handshake_digest_nid = NID_sha256, + .kx_nid = NID_kx_rsa, + .strength_bits = 256, + .symmetric_bits = 256, + }, + { + .value = 0x00c4, + .auth_nid = NID_auth_rsa, + .cipher_nid = NID_camellia_256_cbc, + .digest_nid = NID_sha256, + .handshake_digest_nid = NID_sha256, + .kx_nid = NID_kx_dhe, + .strength_bits = 256, + .symmetric_bits = 256, + }, + { + .value = 0x00c5, + .auth_nid = NID_auth_null, + .cipher_nid = NID_camellia_256_cbc, + .digest_nid = NID_sha256, + .handshake_digest_nid = NID_sha256, + .kx_nid = NID_kx_dhe, + .strength_bits = 256, + .symmetric_bits = 256, + }, + { + .value = 0x1301, + .auth_nid = NID_undef, + .cipher_nid = NID_aes_128_gcm, + .digest_nid = NID_undef, + .handshake_digest_nid = NID_sha256, + .kx_nid = NID_undef, + .strength_bits = 128, + .symmetric_bits = 128, + .is_aead = 1, + }, + { + .value = 0x1302, + .auth_nid = NID_undef, + .cipher_nid = NID_aes_256_gcm, + .digest_nid = NID_undef, + .handshake_digest_nid = NID_sha384, + .kx_nid = NID_undef, + .strength_bits = 256, + .symmetric_bits = 256, + .is_aead = 1, + }, + { + .value = 0x1303, + .auth_nid = NID_undef, + .cipher_nid = NID_chacha20_poly1305, + .digest_nid = NID_undef, + .handshake_digest_nid = NID_sha256, + .kx_nid = NID_undef, + .strength_bits = 256, + .symmetric_bits = 256, + .is_aead = 1, + }, + { + .value = 0xc007, + .auth_nid = NID_auth_ecdsa, + .cipher_nid = NID_rc4, + .digest_nid = NID_sha1, + .handshake_digest_nid = NID_sha256, + .kx_nid = NID_kx_ecdhe, + .strength_bits = 128, + .symmetric_bits = 128, + }, + { + .value = 0xc008, + .auth_nid = NID_auth_ecdsa, + .cipher_nid = NID_des_ede3_cbc, + .digest_nid = NID_sha1, + .handshake_digest_nid = NID_sha256, + .kx_nid = NID_kx_ecdhe, + .strength_bits = 112, + .symmetric_bits = 168, + }, + { + .value = 0xc009, + .auth_nid = NID_auth_ecdsa, + .cipher_nid = NID_aes_128_cbc, + .digest_nid = NID_sha1, + .handshake_digest_nid = NID_sha256, + .kx_nid 
= NID_kx_ecdhe, + .strength_bits = 128, + .symmetric_bits = 128, + }, + { + .value = 0xc00a, + .auth_nid = NID_auth_ecdsa, + .cipher_nid = NID_aes_256_cbc, + .digest_nid = NID_sha1, + .handshake_digest_nid = NID_sha256, + .kx_nid = NID_kx_ecdhe, + .strength_bits = 256, + .symmetric_bits = 256, + }, + { + .value = 0xc011, + .auth_nid = NID_auth_rsa, + .cipher_nid = NID_rc4, + .digest_nid = NID_sha1, + .handshake_digest_nid = NID_sha256, + .kx_nid = NID_kx_ecdhe, + .strength_bits = 128, + .symmetric_bits = 128, + }, + { + .value = 0xc012, + .auth_nid = NID_auth_rsa, + .cipher_nid = NID_des_ede3_cbc, + .digest_nid = NID_sha1, + .handshake_digest_nid = NID_sha256, + .kx_nid = NID_kx_ecdhe, + .strength_bits = 112, + .symmetric_bits = 168, + }, + { + .value = 0xc013, + .auth_nid = NID_auth_rsa, + .cipher_nid = NID_aes_128_cbc, + .digest_nid = NID_sha1, + .handshake_digest_nid = NID_sha256, + .kx_nid = NID_kx_ecdhe, + .strength_bits = 128, + .symmetric_bits = 128, + }, + { + .value = 0xc014, + .auth_nid = NID_auth_rsa, + .cipher_nid = NID_aes_256_cbc, + .digest_nid = NID_sha1, + .handshake_digest_nid = NID_sha256, + .kx_nid = NID_kx_ecdhe, + .strength_bits = 256, + .symmetric_bits = 256, + }, + { + .value = 0xc016, + .auth_nid = NID_auth_null, + .cipher_nid = NID_rc4, + .digest_nid = NID_sha1, + .handshake_digest_nid = NID_sha256, + .kx_nid = NID_kx_ecdhe, + .strength_bits = 128, + .symmetric_bits = 128, + }, + { + .value = 0xc017, + .auth_nid = NID_auth_null, + .cipher_nid = NID_des_ede3_cbc, + .digest_nid = NID_sha1, + .handshake_digest_nid = NID_sha256, + .kx_nid = NID_kx_ecdhe, + .strength_bits = 112, + .symmetric_bits = 168, + }, + { + .value = 0xc018, + .auth_nid = NID_auth_null, + .cipher_nid = NID_aes_128_cbc, + .digest_nid = NID_sha1, + .handshake_digest_nid = NID_sha256, + .kx_nid = NID_kx_ecdhe, + .strength_bits = 128, + .symmetric_bits = 128, + }, + { + .value = 0xc019, + .auth_nid = NID_auth_null, + .cipher_nid = NID_aes_256_cbc, + .digest_nid = NID_sha1, + 
.handshake_digest_nid = NID_sha256, + .kx_nid = NID_kx_ecdhe, + .strength_bits = 256, + .symmetric_bits = 256, + }, + { + .value = 0xc023, + .auth_nid = NID_auth_ecdsa, + .cipher_nid = NID_aes_128_cbc, + .digest_nid = NID_sha256, + .handshake_digest_nid = NID_sha256, + .kx_nid = NID_kx_ecdhe, + .strength_bits = 128, + .symmetric_bits = 128, + }, + { + .value = 0xc024, + .auth_nid = NID_auth_ecdsa, + .cipher_nid = NID_aes_256_cbc, + .digest_nid = NID_sha384, + .handshake_digest_nid = NID_sha384, + .kx_nid = NID_kx_ecdhe, + .strength_bits = 256, + .symmetric_bits = 256, + }, + { + .value = 0xc027, + .auth_nid = NID_auth_rsa, + .cipher_nid = NID_aes_128_cbc, + .digest_nid = NID_sha256, + .handshake_digest_nid = NID_sha256, + .kx_nid = NID_kx_ecdhe, + .strength_bits = 128, + .symmetric_bits = 128, + }, + { + .value = 0xc028, + .auth_nid = NID_auth_rsa, + .cipher_nid = NID_aes_256_cbc, + .digest_nid = NID_sha384, + .handshake_digest_nid = NID_sha384, + .kx_nid = NID_kx_ecdhe, + .strength_bits = 256, + .symmetric_bits = 256, + }, + { + .value = 0xc02b, + .auth_nid = NID_auth_ecdsa, + .cipher_nid = NID_aes_128_gcm, + .digest_nid = NID_undef, + .handshake_digest_nid = NID_sha256, + .kx_nid = NID_kx_ecdhe, + .strength_bits = 128, + .symmetric_bits = 128, + .is_aead = 1, + }, + { + .value = 0xc02c, + .auth_nid = NID_auth_ecdsa, + .cipher_nid = NID_aes_256_gcm, + .digest_nid = NID_undef, + .handshake_digest_nid = NID_sha384, + .kx_nid = NID_kx_ecdhe, + .strength_bits = 256, + .symmetric_bits = 256, + .is_aead = 1, + }, + { + .value = 0xc02f, + .auth_nid = NID_auth_rsa, + .cipher_nid = NID_aes_128_gcm, + .digest_nid = NID_undef, + .handshake_digest_nid = NID_sha256, + .kx_nid = NID_kx_ecdhe, + .strength_bits = 128, + .symmetric_bits = 128, + .is_aead = 1, + }, + { + .value = 0xc030, + .auth_nid = NID_auth_rsa, + .cipher_nid = NID_aes_256_gcm, + .digest_nid = NID_undef, + .handshake_digest_nid = NID_sha384, + .kx_nid = NID_kx_ecdhe, + .strength_bits = 256, + .symmetric_bits = 
256, + .is_aead = 1, + }, + { + .value = 0xcca8, + .auth_nid = NID_auth_rsa, + .cipher_nid = NID_chacha20_poly1305, + .digest_nid = NID_undef, + .handshake_digest_nid = NID_sha256, + .kx_nid = NID_kx_ecdhe, + .strength_bits = 256, + .symmetric_bits = 256, + .is_aead = 1, + }, + { + .value = 0xcca9, + .auth_nid = NID_auth_ecdsa, + .cipher_nid = NID_chacha20_poly1305, + .digest_nid = NID_undef, + .handshake_digest_nid = NID_sha256, + .kx_nid = NID_kx_ecdhe, + .strength_bits = 256, + .symmetric_bits = 256, + .is_aead = 1, + }, + { + .value = 0xccaa, + .auth_nid = NID_auth_rsa, + .cipher_nid = NID_chacha20_poly1305, + .digest_nid = NID_undef, + .handshake_digest_nid = NID_sha256, + .kx_nid = NID_kx_dhe, + .strength_bits = 256, + .symmetric_bits = 256, + .is_aead = 1, + }, +}; + +#define N_SSL_CIPHER_TESTS (sizeof(ssl_cipher_tests) / sizeof(ssl_cipher_tests[0])) + static int -cipher_find_test(void) +test_ssl_ciphers(void) { + int i, strength_bits, symmetric_bits; + const struct ssl_cipher_test *sct; STACK_OF(SSL_CIPHER) *ciphers; const SSL_CIPHER *cipher; + const EVP_MD *digest; unsigned char buf[2]; + const char *description; + char desc_buf[256]; SSL_CTX *ssl_ctx = NULL; SSL *ssl = NULL; + size_t j; int ret = 1; - int i; if ((ssl_ctx = SSL_CTX_new(TLS_method())) == NULL) { fprintf(stderr, "SSL_CTX_new() returned NULL\n"); @@ -96,6 +757,12 @@ cipher_find_test(void) goto failure; } + if (sk_SSL_CIPHER_num(ciphers) != N_SSL_CIPHER_TESTS) { + fprintf(stderr, "number of ciphers mismatch (%d != %zu)\n", + sk_SSL_CIPHER_num(ciphers), N_SSL_CIPHER_TESTS); + goto failure; + } + for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) { uint16_t cipher_value; 
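Review bot: `struct ssl_cipher_test` and the `ssl_cipher_tests[]` table carry no comment saying what the fields pin down, yet several rows depend on details a reader has to infer. The `NID_des_ede3_cbc` entries expect `strength_bits = 112` against `symmetric_bits = 168`, and every non-AEAD entry relies on `.is_aead` being zero because it is omitted. A header such as `/* Expected properties per two-byte cipher suite value; omitted fields are 0 (is_aead). */` would make both explicit. The table also contains `NID_auth_null` and `NID_rc4` suites, so a line stating that it appears to mirror the cipher list the test reads back from the SSL object, and is not a recommended set, would keep it from being read as an allow-list.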
@@ -106,18 +773,94 @@ cipher_find_test(void) buf[1] = cipher_value & 0xff; if ((cipher = SSL_CIPHER_find(ssl, buf)) == NULL) { - fprintf(stderr, - "SSL_CIPHER_find() returned NULL for %s\n", + fprintf(stderr, "SSL_CIPHER_find() returned NULL for %s\n", SSL_CIPHER_get_name(cipher)); goto failure; } - if (SSL_CIPHER_get_value(cipher) != cipher_value) { - fprintf(stderr, - "got cipher with value 0x%x, want 0x%x\n", + fprintf(stderr, "got cipher with value 0x%04x, want 0x%04x\n", SSL_CIPHER_get_value(cipher), cipher_value); goto failure; } + if (SSL_CIPHER_get_id(cipher) != (0x03000000UL | cipher_value)) { + fprintf(stderr, "got cipher id 0x%08lx, want 0x%08lx\n", + SSL_CIPHER_get_id(cipher), (0x03000000UL | cipher_value)); + goto failure; + } + + sct = NULL; + for (j = 0; j < N_SSL_CIPHER_TESTS; j++) { + if (ssl_cipher_tests[j].value == cipher_value) { + sct = &ssl_cipher_tests[j]; + break; + } + } + if (sct == NULL) { + fprintf(stderr, "cipher '%s' (0x%04x) not found in test " + "table\n", SSL_CIPHER_get_name(cipher), cipher_value); + goto failure; + } + + if (SSL_CIPHER_get_auth_nid(cipher) != sct->auth_nid) { + fprintf(stderr, "cipher '%s' (0x%04x) - got auth nid %d, " + "want %d\n", SSL_CIPHER_get_name(cipher), cipher_value, + SSL_CIPHER_get_auth_nid(cipher), sct->auth_nid); + goto failure; + } + if (SSL_CIPHER_get_cipher_nid(cipher) != sct->cipher_nid) { + fprintf(stderr, "cipher '%s' (0x%04x) - got cipher nid %d, " + "want %d\n", SSL_CIPHER_get_name(cipher), cipher_value, + SSL_CIPHER_get_cipher_nid(cipher), sct->cipher_nid); + goto failure; + } + if (SSL_CIPHER_get_digest_nid(cipher) != sct->digest_nid) { + fprintf(stderr, "cipher '%s' (0x%04x) - got digest nid %d, " + "want %d\n", SSL_CIPHER_get_name(cipher), cipher_value, + SSL_CIPHER_get_digest_nid(cipher), sct->digest_nid); + goto failure; + } + if (SSL_CIPHER_get_kx_nid(cipher) != sct->kx_nid) { + fprintf(stderr, "cipher '%s' (0x%04x) - got kx nid %d, " + "want %d\n", SSL_CIPHER_get_name(cipher), 
cipher_value, + SSL_CIPHER_get_kx_nid(cipher), sct->kx_nid); + goto failure; + } + + /* Having API consistency is a wonderful thing... */ + digest = SSL_CIPHER_get_handshake_digest(cipher); + if (EVP_MD_nid(digest) != sct->handshake_digest_nid) { + fprintf(stderr, "cipher '%s' (0x%04x) - got handshake " + "digest nid %d, want %d\n", SSL_CIPHER_get_name(cipher), + cipher_value, EVP_MD_nid(digest), sct->handshake_digest_nid); + goto failure; + } + + strength_bits = SSL_CIPHER_get_bits(cipher, &symmetric_bits); + if (strength_bits != sct->strength_bits) { + fprintf(stderr, "cipher '%s' (0x%04x) - got strength bits " + "%d, want %d\n", SSL_CIPHER_get_name(cipher), + cipher_value, strength_bits, sct->strength_bits); + goto failure; + } + if (symmetric_bits != sct->symmetric_bits) { + fprintf(stderr, "cipher '%s' (0x%04x) - got symmetric bits " + "%d, want %d\n", SSL_CIPHER_get_name(cipher), + cipher_value, symmetric_bits, sct->symmetric_bits); + goto failure; + } + if (SSL_CIPHER_is_aead(cipher) != sct->is_aead) { + fprintf(stderr, "cipher '%s' (0x%04x) - got is aead %d, " + "want %d\n", SSL_CIPHER_get_name(cipher), cipher_value, + SSL_CIPHER_is_aead(cipher), sct->is_aead); + goto failure; + } + + if ((description = SSL_CIPHER_description(cipher, desc_buf, + sizeof(desc_buf))) != desc_buf) { + fprintf(stderr, "cipher '%s' (0x%04x) - failed to get " + "description\n", SSL_CIPHER_get_name(cipher), cipher_value); + goto failure; + } } ret = 0; @@ -466,7 +1209,7 @@ main(int argc, char **argv) failed |= check_cipher_order(); - failed |= cipher_find_test(); + failed |= test_ssl_ciphers(); failed |= parse_ciphersuites_test(); failed |= cipher_set_test(); diff --git a/sbin/iked/radius.c b/sbin/iked/radius.c index ab2e6fb1e..61e9b05a1 100644 --- a/sbin/iked/radius.c +++ b/sbin/iked/radius.c 
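Review bot: In the `SSL_CIPHER_find()` failure branch the message formats `SSL_CIPHER_get_name(cipher)` while `cipher` is known to be NULL, so it cannot name the suite that failed. Printing the value that was looked up gives the needed information: `fprintf(stderr, "SSL_CIPHER_find() returned NULL for 0x%04x\n", cipher_value);`. Further down, `digest = SSL_CIPHER_get_handshake_digest(cipher);` is passed straight to `EVP_MD_nid(digest)`. A check of `digest == NULL` before that call, with its own message and `goto failure;`, would report a missing handshake digest as a test failure instead of dereferencing NULL. The enclosing test_ssl_ciphers() starts and ends outside this hunk.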
@@ -1,4 +1,4 @@ -/* $OpenBSD: radius.c,v 1.7 2024/07/13 14:28:27 yasuoka Exp $ */ +/* $OpenBSD: radius.c,v 1.8 2024/07/18 08:58:59 yasuoka Exp $ */ /* * Copyright (c) 2024 Internet Initiative Japan Inc. @@ -177,6 +177,7 @@ iked_radius_on_event(int fd, short ev, void *ctx) if (req == NULL) { log_debug("%s: received an unknown RADIUS message: id=%u", __func__, (unsigned)resid); + radius_delete_packet(pkt); return; } @@ -184,6 +185,7 @@ iked_radius_on_event(int fd, short ev, void *ctx) if (radius_check_response_authenticator(pkt, server->rs_secret) != 0) { log_info("%s: received an invalid RADIUS message: bad " "response authenticator", __func__); + radius_delete_packet(pkt); return; } if (req->rr_accounting) { @@ -200,6 +202,7 @@ iked_radius_on_event(int fd, short ev, void *ctx) TAILQ_REMOVE(&server->rs_reqs, req, rr_entry); req->rr_server = NULL; free(req); + radius_delete_packet(pkt); return; } @@ -207,6 +210,7 @@ iked_radius_on_event(int fd, short ev, void *ctx) if (radius_check_message_authenticator(pkt, server->rs_secret) != 0) { log_info("%s: received an invalid RADIUS message: bad " "message authenticator", __func__); + radius_delete_packet(pkt); return; } @@ -314,10 +318,14 @@ iked_radius_on_event(int fd, short ev, void *ctx) log_info("%s: failed to retrieve the EAP message", __func__); goto fail; } + radius_delete_packet(pkt); ikev2_send_ike_e(env, req->rr_sa, e, IKEV2_PAYLOAD_EAP, IKEV2_EXCHANGE_IKE_AUTH, 1); + /* keep request for challenge state and config parameters */ + req->rr_reqid = -1; /* release reqid */ return; fail: + radius_delete_packet(pkt); if (req->rr_server != NULL) TAILQ_REMOVE(&server->rs_reqs, req, rr_entry); req->rr_server = NULL; 
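Review bot: Every exit from iked_radius_on_event() now carries its own `radius_delete_packet(pkt);` (this hunk at -177 and those at -184, -200, -207 and -314 each add one), so the next return path added to the function can silently reintroduce the leak. The function already has a `fail:` label, so routing the early exits through one label that releases `pkt` before returning would keep the free in a single place. If the duplication stays, a comment where `pkt` is received stating that this function owns it and must free it on every path would help. The function body starts outside these hunks, so how `pkt` is obtained is not visible here.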
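Review bot: `req->rr_reqid = -1;` in the -314 hunk introduces an unnamed sentinel that the ID-allocation loop in iked_radius_request_send() (hunk at -416) then special-cases with `if (req0->rr_reqid == -1) continue;`. A named constant used in both places (for example `RADIUS_REQID_NONE`, the name being only a suggestion) would record that -1 means the request stays queued but holds no RADIUS identifier. The comment `/* keep request for challenge state and config parameters */` says why the request is kept on `server->rs_reqs`, but not who frees it later. One more sentence naming the path that releases it would make the ownership auditable, since that path is not visible in this hunk.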
@@ -416,8 +424,10 @@ iked_radius_request_send(struct iked *env, void *ctx) if (req->rr_ntry == 0) { /* decide the ID */ seq = ++server->rs_reqseq; - for (i = 0; i < UCHAR_MAX; i++) { + for (i = 0; i <= UCHAR_MAX; i++) { TAILQ_FOREACH(req0, &server->rs_reqs, rr_entry) { + if (req0->rr_reqid == -1) + continue; if (req0->rr_reqid == seq) break; } @@ -425,7 +435,7 @@ iked_radius_request_send(struct iked *env, void *ctx) break; seq++; } - if (i >= UCHAR_MAX) { + if (i > UCHAR_MAX) { log_info("%s: RADIUS server %s failed. Too many " "pending requests", __func__, print_addr(&server->rs_sockaddr)); diff --git a/share/man/man4/speaker.4 b/share/man/man4/speaker.4 index 0ee8db649..89add7b3b 100644 --- a/share/man/man4/speaker.4 +++ b/share/man/man4/speaker.4 @@ -1,4 +1,4 @@ -.\" $OpenBSD: speaker.4,v 1.11 2022/09/11 06:38:11 jmc Exp $ +.\" $OpenBSD: speaker.4,v 1.12 2024/07/18 05:44:46 jmc Exp $ .\" $NetBSD: speaker.4,v 1.9 1998/08/18 08:16:56 augustss Exp $ .\" .\" Copyright (c) 1993 Christopher G. Demetriou @@ -29,7 +29,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: September 11 2022 $ +.Dd $Mdocdate: July 18 2024 $ .Dt SPKR 4 .Os .Sh NAME @@ -123,7 +123,7 @@ or the first two of these cause it to be sharped one half-tone, the last causes it to be flatted one half-tone. It may also be followed by a time value number and by sustain dots (see below). -Time values are interpreted as for the L command below;. +Time values are interpreted as for the L command below. .It O Aq Ar n If .Ar n diff --git a/sys/arch/arm64/arm64/autoconf.c b/sys/arch/arm64/arm64/autoconf.c index 207f50969..75ef6d7da 100644 --- a/sys/arch/arm64/arm64/autoconf.c +++ b/sys/arch/arm64/arm64/autoconf.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: autoconf.c,v 1.14 2022/09/08 10:22:06 kn Exp $ */ +/* $OpenBSD: autoconf.c,v 1.15 2024/07/17 15:21:59 kettenis Exp $ */ /* * Copyright (c) 2009 Miodrag Vallat. * @@ -61,6 +61,8 @@ cpu_configure(void) unmap_startup(); + cpu_identify_cleanup(); + #ifdef CRYPTO if (arm64_has_aes) cryptox_setup(); diff --git a/sys/arch/arm64/arm64/cpu.c b/sys/arch/arm64/arm64/cpu.c index 04cfd3cb7..09c2cdf8f 100644 --- a/sys/arch/arm64/arm64/cpu.c +++ b/sys/arch/arm64/arm64/cpu.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cpu.c,v 1.126 2024/07/14 09:48:48 jca Exp $ */ +/* $OpenBSD: cpu.c,v 1.127 2024/07/17 15:21:59 kettenis Exp $ */ /* * Copyright (c) 2016 Dale Rahn @@ -1024,6 +1024,40 @@ cpu_identify(struct cpu_info *ci) #endif } +void +cpu_identify_cleanup(void) +{ + uint64_t value; + + /* ID_AA64ISAR0_EL1 */ + value = cpu_id_aa64isar0 & ID_AA64ISAR0_MASK; + value &= ~ID_AA64ISAR0_TLB_MASK; + cpu_id_aa64isar0 = value; + + /* ID_AA64ISAR1_EL1 */ + value = cpu_id_aa64isar1 &= ID_AA64ISAR1_MASK; + value &= ~ID_AA64ISAR1_SPECRES_MASK; + cpu_id_aa64isar1 = value; + + /* ID_AA64ISAR2_EL1 */ + value = cpu_id_aa64isar2 &= ID_AA64ISAR2_MASK; + value &= ~ID_AA64ISAR2_CLRBHB_MASK; + cpu_id_aa64isar2 = value; + + /* ID_AA64PFR0_EL1 */ + value = 0; + value |= cpu_id_aa64pfr0 & ID_AA64PFR0_FP_MASK; + value |= cpu_id_aa64pfr0 & ID_AA64PFR0_ADV_SIMD_MASK; + value |= cpu_id_aa64pfr0 & ID_AA64PFR0_DIT_MASK; + cpu_id_aa64pfr0 = value; + + /* ID_AA64PFR1_EL1 */ + value = 0; + value |= cpu_id_aa64pfr1 & ID_AA64PFR1_BT_MASK; + value |= cpu_id_aa64pfr1 & ID_AA64PFR1_SSBS_MASK; + cpu_id_aa64pfr1 = value; +} + void cpu_init(void); int cpu_start_secondary(struct cpu_info *ci, int, uint64_t); int cpu_clockspeed(int *); diff --git a/sys/arch/arm64/arm64/machdep.c b/sys/arch/arm64/arm64/machdep.c index 7b53ee1f4..c3605a016 100644 --- a/sys/arch/arm64/arm64/machdep.c +++ b/sys/arch/arm64/arm64/machdep.c 
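Review bot: In cpu_identify_cleanup() the ISAR1 and ISAR2 blocks use a compound assignment, `value = cpu_id_aa64isar1 &= ID_AA64ISAR1_MASK;` and `value = cpu_id_aa64isar2 &= ID_AA64ISAR2_MASK;`, where the ISAR0 block uses a plain `&`. The result is the same because each global is overwritten two lines later, but it reads like a typo. `value = cpu_id_aa64isar1 & ID_AA64ISAR1_MASK;` (and likewise for ISAR2) would match the first block. The function also has no header comment; something like `/* Reduce the cached ID register values to the fields reported to userland; called once from cpu_configure(). */` would tell readers that kernel code needing the raw register contents must not read these globals after this point.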
@@ -1,4 +1,4 @@ -/* $OpenBSD: machdep.c,v 1.90 2024/07/03 21:04:04 kettenis Exp $ */ +/* $OpenBSD: machdep.c,v 1.91 2024/07/17 15:21:59 kettenis Exp $ */ /* * Copyright (c) 2014 Patrick Wildt * Copyright (c) 2021 Mark Kettenis @@ -332,7 +332,6 @@ cpu_sysctl(int *name, u_int namelen, void *oldp, size_t *oldlenp, void *newp, { char *compatible; int node, len, error; - uint64_t value; /* all sysctl names at this level are terminal */ if (namelen != 1) @@ -351,25 +350,15 @@ cpu_sysctl(int *name, u_int namelen, void *oldp, size_t *oldlenp, void *newp, free(compatible, M_TEMP, len); return error; case CPU_ID_AA64ISAR0: - value = cpu_id_aa64isar0 & ID_AA64ISAR0_MASK; - value &= ~ID_AA64ISAR0_TLB_MASK; - return sysctl_rdquad(oldp, oldlenp, newp, value); + return sysctl_rdquad(oldp, oldlenp, newp, cpu_id_aa64isar0); case CPU_ID_AA64ISAR1: - value = cpu_id_aa64isar1 & ID_AA64ISAR1_MASK; - value &= ~ID_AA64ISAR1_SPECRES_MASK; - return sysctl_rdquad(oldp, oldlenp, newp, value); - case CPU_ID_AA64PFR0: - value = 0; - value |= cpu_id_aa64pfr0 & ID_AA64PFR0_FP_MASK; - value |= cpu_id_aa64pfr0 & ID_AA64PFR0_ADV_SIMD_MASK; - value |= cpu_id_aa64pfr0 & ID_AA64PFR0_DIT_MASK; - return sysctl_rdquad(oldp, oldlenp, newp, value); - case CPU_ID_AA64PFR1: - value = 0; - value |= cpu_id_aa64pfr1 & ID_AA64PFR1_BT_MASK; - value |= cpu_id_aa64pfr1 & ID_AA64PFR1_SSBS_MASK; - return sysctl_rdquad(oldp, oldlenp, newp, value); + return sysctl_rdquad(oldp, oldlenp, newp, cpu_id_aa64isar1); case CPU_ID_AA64ISAR2: + return sysctl_rdquad(oldp, oldlenp, newp, cpu_id_aa64isar2); + case CPU_ID_AA64PFR0: + return sysctl_rdquad(oldp, oldlenp, newp, cpu_id_aa64pfr0); + case CPU_ID_AA64PFR1: + return sysctl_rdquad(oldp, oldlenp, newp, cpu_id_aa64pfr1); case CPU_ID_AA64MMFR0: case CPU_ID_AA64MMFR1: case CPU_ID_AA64MMFR2: diff --git a/sys/arch/arm64/include/cpu.h b/sys/arch/arm64/include/cpu.h index c9b0e1091..33084f67c 100644 --- a/sys/arch/arm64/include/cpu.h +++ b/sys/arch/arm64/include/cpu.h 
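Review bot: The CPU_ID_AA64* cases in cpu_sysctl() (sys/arch/arm64/arm64/machdep.c) now pass the globals to sysctl_rdquad() without masking, so what userland sees depends on cpu_identify_cleanup() having run and on nothing writing raw register values back afterwards. Neither is visible from this hunk; if cpu_identify() can run again later (secondary CPUs or resume, for instance), that ordering should be confirmed. A comment above the cases, e.g. `/* masked to userland-visible fields by cpu_identify_cleanup() */`, would record the dependency. CPU_ID_AA64ISAR2 also leaves the shared MMFR fall-through and starts returning its own value, which is a behaviour change worth calling out. cpu_sysctl's body continues outside the hunk.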
@@ -1,4 +1,4 @@ -/* $OpenBSD: cpu.h,v 1.48 2024/07/10 11:01:24 kettenis Exp $ */ +/* $OpenBSD: cpu.h,v 1.49 2024/07/17 15:21:59 kettenis Exp $ */ /* * Copyright (c) 2016 Dale Rahn * @@ -63,9 +63,12 @@ extern uint64_t cpu_id_aa64isar0; extern uint64_t cpu_id_aa64isar1; +extern uint64_t cpu_id_aa64isar2; extern uint64_t cpu_id_aa64pfr0; extern uint64_t cpu_id_aa64pfr1; +void cpu_identify_cleanup(void); + #include #include #include diff --git a/sys/net/pf_ioctl.c b/sys/net/pf_ioctl.c index 3617c8581..7900fce1e 100644 --- a/sys/net/pf_ioctl.c +++ b/sys/net/pf_ioctl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf_ioctl.c,v 1.417 2024/05/13 01:15:53 jsg Exp $ */ +/* $OpenBSD: pf_ioctl.c,v 1.418 2024/07/18 14:46:28 bluhm Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -287,7 +287,7 @@ pfattach(int num) */ pf_anchor_stack = cpumem_malloc( sizeof(struct pf_anchor_stackframe) * (PF_ANCHOR_STACK_MAX + 2), - M_WAITOK|M_ZERO); + M_PF); CPUMEM_FOREACH(sf, &cmi, pf_anchor_stack) sf[PF_ANCHOR_STACK_MAX].sf_stack_top = &sf[0]; } diff --git a/sys/sys/proc.h b/sys/sys/proc.h index 5966c10e8..fc19fd401 100644 --- a/sys/sys/proc.h +++ b/sys/sys/proc.h @@ -1,4 +1,4 @@ -/* $OpenBSD: proc.h,v 1.363 2024/07/15 07:24:03 jsg Exp $ */ +/* $OpenBSD: proc.h,v 1.364 2024/07/17 09:54:14 claudio Exp $ */ /* $NetBSD: proc.h,v 1.44 1996/04/22 01:23:21 christos Exp $ */ /*- @@ -444,8 +444,8 @@ struct proc { #define P_BITS \ ("\20" "\01INKTR" "\02PROFPEND" "\03ALRMPEND" "\04SIGSUSPEND" \ "\05CANTSLEEP" "\06WSLEEP" "\010SINTR" "\012SYSTEM" "\013TIMEOUT" \ - "\016WEXIT" "\020OWEUPC" "\024SUSPSINGLE" "\027XX" \ - "\030CONTINUED" "\033THREAD" "\034SUSPSIG" "\035SOFTDEP" "\037CPUPEG") + "\016WEXIT" "\020OWEUPC" "\024SUSPSINGLE" "\030CONTINUED" "\033THREAD" \ + "\034SUSPSIG" "\037CPUPEG") #define THREAD_PID_OFFSET 100000 diff --git a/usr.bin/sed/compile.c b/usr.bin/sed/compile.c index f21fd0acd..d13ef34ed 100644 --- a/usr.bin/sed/compile.c +++ b/usr.bin/sed/compile.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: compile.c,v 1.52 2024/06/18 00:32:22 millert Exp $ */ +/* $OpenBSD: compile.c,v 1.53 2024/07/17 20:57:15 millert Exp $ */ /*- * Copyright (c) 1992 Diomidis Spinellis. @@ -37,7 +37,7 @@ #include #include -#include +#include #include #include #include @@ -153,7 +153,7 @@ compile_stream(struct s_command **link) for (;;) { if ((p = cu_getline(&lbuf, &bufsize)) == NULL) { if (stack != 0) - error(COMPILE, "unexpected EOF (pending }'s)"); + error("unexpected EOF (pending }'s)"); return (link); } @@ -193,17 +193,16 @@ semicolon: EATSPACE(); nonsel: /* Now parse the command */ if (!*p) - error(COMPILE, "command expected"); + error("command expected"); cmd->code = *p; for (fp = cmd_fmts; fp->code; fp++) if (fp->code == *p) break; if (!fp->code) - error(COMPILE, "invalid command code %c", *p); + error("invalid command code %c", *p); if (naddr > fp->naddr) - error(COMPILE, - "command %c expects up to %d address(es), found %d", - *p, fp->naddr, naddr); + error("command %c expects up to %d address(es)," + " found %d", *p, fp->naddr, naddr); switch (fp->args) { case NONSEL: /* ! */ p++; @@ -226,7 +225,7 @@ nonsel: /* Now parse the command */ */ cmd->nonsel = 1; if (stack == 0) - error(COMPILE, "unexpected }"); + error("unexpected }"); cmd2 = stack; stack = cmd2->next; cmd2->next = cmd; @@ -240,19 +239,19 @@ nonsel: /* Now parse the command */ goto semicolon; } if (*p) - error(COMPILE, -"extra characters at the end of %c command", cmd->code); + error("extra characters at the end of %c" + " command", cmd->code); break; case TEXT: /* a c i */ p++; EATSPACE(); if (*p != '\\') - error(COMPILE, "command %c expects \\ followed by" - " text", cmd->code); + error("command %c expects \\ followed by text", + cmd->code); p++; EATSPACE(); if (*p) - error(COMPILE, "extra characters after \\ at the" + error("extra characters after \\ at the" " end of %c command", cmd->code); cmd->t = compile_text(); break; 
@@ -262,7 +261,7 @@ nonsel: /* Now parse the command */ p++; EATSPACE(); if (*p == '\0') - error(COMPILE, "filename expected"); + error("filename expected"); cmd->t = duptoeol(p, "w command", NULL); if (aflag) { cmd->u.fd = -1; @@ -271,14 +270,14 @@ nonsel: /* Now parse the command */ else if ((cmd->u.fd = open(p, O_WRONLY|O_APPEND|O_CREAT|O_TRUNC, DEFFILEMODE)) == -1) - error(FATAL, "%s: %s", p, strerror(errno)); + err(1, "%s", p); break; case RFILE: /* r */ pledge_rpath = 1; p++; EATSPACE(); if (*p == '\0') - error(COMPILE, "filename expected"); + error("filename expected"); cmd->t = duptoeol(p, "read command", NULL); break; case BRANCH: /* b t */ @@ -298,7 +297,7 @@ nonsel: /* Now parse the command */ EATSPACE(); cmd->t = duptoeol(p, "label", &p); if (strlen(cmd->t) == 0) - error(COMPILE, "empty label"); + error("empty label"); enterlabel(cmd); if (*p == ';') { p++; @@ -308,12 +307,12 @@ nonsel: /* Now parse the command */ case SUBST: /* s */ p++; if (*p == '\0' || *p == '\\') - error(COMPILE, "substitute pattern can not be" + error("substitute pattern can not be" " delimited by newline or backslash"); cmd->u.s = xmalloc(sizeof(struct s_subst)); p = compile_re(p, &cmd->u.s->re); if (p == NULL) - error(COMPILE, "unterminated substitute pattern"); + error("unterminated substitute pattern"); --p; p = compile_subst(p, cmd->u.s); p = compile_flags(p, cmd->u.s); @@ -334,7 +333,7 @@ nonsel: /* Now parse the command */ goto semicolon; } if (*p) - error(COMPILE, "extra text at the end of a" + error("extra text at the end of a" " transform command"); break; } @@ -359,9 +358,9 @@ compile_delimited(char *p, char *d) if (c == '\0') return (NULL); else if (c == '\\') - error(COMPILE, "\\ can not be used as a string delimiter"); + error("\\ can not be used as a string delimiter"); else if (c == '\n') - error(COMPILE, "newline can not be used as a string delimiter"); + error("newline can not be used as a string delimiter"); while (p[0]) { /* Unescaped delimiter: We are done. */ 
@@ -393,7 +392,7 @@ compile_delimited(char *p, char *d) * It may contain the delimiter without escaping. */ else if ((d = compile_ccl(&p, d)) == NULL) - error(COMPILE, "unbalanced brackets ([])"); + error("unbalanced brackets ([])"); } return NULL; } @@ -453,7 +452,7 @@ compile_re(char *p, regex_t **repp) } *repp = xmalloc(sizeof(regex_t)); if (p && (eval = regcomp(*repp, re, Eflag ? REG_EXTENDED : 0)) != 0) - error(COMPILE, "RE error: %s", strregerror(eval, *repp)); + error("RE error: %s", strregerror(eval, *repp)); if (maxnsub < (*repp)->re_nsub) maxnsub = (*repp)->re_nsub; free(re); @@ -519,8 +518,8 @@ compile_subst(char *p, struct s_subst *s) ref = *p - '0'; if (s->re != NULL && ref > s->re->re_nsub) - error(COMPILE, -"\\%c not defined in the RE", *p); + error("\\%c not defined in the" + " RE", *p); if (s->maxbref < ref) s->maxbref = ref; } else if (*p == '&' || *p == '\\') @@ -532,14 +531,14 @@ compile_subst(char *p, struct s_subst *s) s->new = xrealloc(text, size); return (p); } else if (*p == '\n') { - error(COMPILE, -"unescaped newline inside substitute pattern"); + error("unescaped newline inside substitute" + " pattern"); } *sp++ = *p; } size += sp - op; } while ((p = cu_getline(&lbuf, &bufsize))); - error(COMPILE, "unterminated substitute in regular expression"); + error("unterminated substitute in regular expression"); } /* @@ -560,7 +559,7 @@ compile_flags(char *p, struct s_subst *s) switch (*p) { case 'g': if (gn) - error(COMPILE, "more than one number or 'g' in" + error("more than one number or 'g' in" " substitute flags"); gn = 1; s->n = 0; 
@@ -576,20 +575,20 @@ compile_flags(char *p, struct s_subst *s) case '4': case '5': case '6': case '7': case '8': case '9': if (gn) - error(COMPILE, "more than one number or 'g' in" + error("more than one number or 'g' in" " substitute flags"); gn = 1; l = strtol(p, &p, 10); if (l <= 0 || l >= INT_MAX) - error(COMPILE, - "number in substitute flags out of range"); + error("number in substitute flags out of" + " range"); s->n = (int)l; continue; case 'w': p++; EATSPACE(); if (*p == '\0') - error(COMPILE, "filename expected"); + error("filename expected"); s->wfile = duptoeol(p, "s command w flag", NULL); *p = '\0'; if (aflag) @@ -597,11 +596,10 @@ compile_flags(char *p, struct s_subst *s) else if ((s->wfd = open(s->wfile, O_WRONLY|O_APPEND|O_CREAT|O_TRUNC, DEFFILEMODE)) == -1) - error(FATAL, "%s: %s", s->wfile, strerror(errno)); + err(1, "%s", s->wfile); return (p); default: - error(COMPILE, - "bad flag in substitute command: '%c'", *p); + error("bad flag in substitute command: '%c'", *p); break; } p++; @@ -621,20 +619,20 @@ compile_tr(char *old, char **transtab) memset(check, 0, sizeof(check)); delimiter = *old; if (delimiter == '\\') - error(COMPILE, "\\ can not be used as a string delimiter"); + error("\\ can not be used as a string delimiter"); else if (delimiter == '\n' || delimiter == '\0') - error(COMPILE, "newline can not be used as a string delimiter"); + error("newline can not be used as a string delimiter"); new = old++; do { if ((new = strchr(new + 1, delimiter)) == NULL) - error(COMPILE, "unterminated transform source string"); + error("unterminated transform source string"); } while (*(new - 1) == '\\' && *(new -2) != '\\'); *new = '\0'; end = new++; do { if ((end = strchr(end + 1, delimiter)) == NULL) - error(COMPILE, "unterminated transform target string"); + error("unterminated transform target string"); } while (*(end -1) == '\\' && *(end -2) != '\\'); *end = '\0'; 
@@ -649,24 +647,22 @@ compile_tr(char *old, char **transtab) if (*old == 'n') *old = '\n'; else if (*old != delimiter && *old != '\\') - error(COMPILE, "Unexpected character after " - "backslash"); + error("Unexpected character after backslash"); } if (*new == '\\') { new++; if (*new == 'n') *new = '\n'; else if (*new != delimiter && *new != '\\') - error(COMPILE, "Unexpected character after " - "backslash"); + error("Unexpected character after backslash"); } if (check[(u_char) *old] == 1) - error(COMPILE, "Repeated character in source string"); + error("Repeated character in source string"); check[(u_char) *old] = 1; (*transtab)[(u_char) *old++] = *new++; } if (*old != '\0' || *new != '\0') - error(COMPILE, "transform strings are not the same length"); + error("transform strings are not the same length"); return end + 1; } @@ -724,7 +720,7 @@ compile_addr(char *p, struct s_addr *a) case '/': /* Context address */ p = compile_re(p, &a->u.r); if (p == NULL) - error(COMPILE, "unterminated regular expression"); + error("unterminated regular expression"); a->type = AT_RE; return (p); @@ -738,7 +734,7 @@ compile_addr(char *p, struct s_addr *a) a->u.l = strtoul(p, &end, 10); return (end); default: - error(COMPILE, "expected context address"); + error("expected context address"); return (NULL); } } @@ -798,7 +794,7 @@ fixuplabel(struct s_command *cp, struct s_command *end) break; } if ((cp->u.c = findlabel(cp->t)) == NULL) - error(COMPILE, "undefined label '%s'", cp->t); + error("undefined label '%s'", cp->t); free(cp->t); break; case '{': @@ -823,7 +819,7 @@ enterlabel(struct s_command *cp) lhp = &labels[h & LHMASK]; for (lh = *lhp; lh != NULL; lh = lh->lh_next) if (lh->lh_hash == h && strcmp(cp->t, lh->lh_cmd->t) == 0) - error(COMPILE, "duplicate label '%s'", cp->t); + error("duplicate label '%s'", cp->t); lh = xmalloc(sizeof *lh); lh->lh_next = *lhp; lh->lh_hash = h; diff --git a/usr.bin/sed/defs.h b/usr.bin/sed/defs.h index 9c09fffa0..e85adcbfd 100644 
--- a/usr.bin/sed/defs.h +++ b/usr.bin/sed/defs.h @@ -1,4 +1,4 @@ -/* $OpenBSD: defs.h,v 1.10 2022/12/26 19:16:02 jmc Exp $ */ +/* $OpenBSD: defs.h,v 1.11 2024/07/17 20:57:15 millert Exp $ */ /*- * Copyright (c) 1992 Diomidis Spinellis. * Copyright (c) 1992, 1993 @@ -133,12 +133,6 @@ typedef struct { size_t blen; /* Backing memory length. */ } SPACE; -/* - * Error severity codes: - */ -#define FATAL 1 /* Exit immediately with 1 */ -#define COMPILE 2 /* Print error, count and finish script */ - /* * Round up to the nearest multiple of _POSIX2_LINE_MAX */ diff --git a/usr.bin/sed/extern.h b/usr.bin/sed/extern.h index 2d28ef8a8..2ecb30a53 100644 --- a/usr.bin/sed/extern.h +++ b/usr.bin/sed/extern.h @@ -1,4 +1,4 @@ -/* $OpenBSD: extern.h,v 1.15 2024/06/18 00:32:22 millert Exp $ */ +/* $OpenBSD: extern.h,v 1.16 2024/07/17 20:57:16 millert Exp $ */ /*- * Copyright (c) 1992 Diomidis Spinellis. * Copyright (c) 1992, 1993 @@ -49,8 +49,8 @@ void cfclose(struct s_command *, struct s_command *); void compile(void); void cspace(SPACE *, const char *, size_t, enum e_spflag); char *cu_getline(char **, size_t *); -__dead void error(int, const char *, ...); -void warning(const char *, ...); +__dead void error(const char *, ...) __attribute__((__format__ (printf, 1, 2))); +void warning(const char *, ...) __attribute__((__format__ (printf, 1, 2))); int mf_getline(SPACE *, enum e_spflag); int lastline(void); void finish_file(void); diff --git a/usr.bin/sed/main.c b/usr.bin/sed/main.c index 0d741db69..f47af6fa1 100644 --- a/usr.bin/sed/main.c +++ b/usr.bin/sed/main.c @@ -1,4 +1,4 @@ -/* $OpenBSD: main.c,v 1.45 2024/06/18 00:32:22 millert Exp $ */ +/* $OpenBSD: main.c,v 1.47 2024/07/17 20:57:16 millert Exp $ */ /*- * Copyright (c) 1992 Diomidis Spinellis. @@ -38,6 +38,7 @@ #include #include +#include #include #include #include 
@@ -166,10 +167,10 @@ main(int argc, char *argv[]) if (inplace != NULL) { if (pledge("stdio rpath wpath cpath fattr chown", NULL) == -1) - error(FATAL, "pledge: %s", strerror(errno)); + err(1, "pledge"); } else { if (pledge("stdio rpath wpath cpath", NULL) == -1) - error(FATAL, "pledge: %s", strerror(errno)); + err(1, "pledge"); } /* First usage case; script is the first arg */ @@ -184,27 +185,27 @@ main(int argc, char *argv[]) if (*argv) { if (!pledge_wpath && inplace == NULL) { if (pledge("stdio rpath", NULL) == -1) - error(FATAL, "pledge: %s", strerror(errno)); + err(1, "pledge"); } for (; *argv; argv++) add_file(*argv); } else { if (!pledge_wpath && !pledge_rpath) { if (pledge("stdio", NULL) == -1) - error(FATAL, "pledge: %s", strerror(errno)); + err(1, "pledge"); } else if (pledge_rpath) { if (pledge("stdio rpath", NULL) == -1) - error(FATAL, "pledge: %s", strerror(errno)); + err(1, "pledge"); } else if (pledge_wpath) { if (pledge("stdio wpath cpath", NULL) == -1) - error(FATAL, "pledge: %s", strerror(errno)); + err(1, "pledge"); } add_file(NULL); } process(); cfclose(prog, NULL); if (fclose(stdout)) - error(FATAL, "stdout: %s", strerror(errno)); + err(1, "stdout"); exit (rval); } @@ -234,8 +235,7 @@ again: switch (script->type) { case CU_FILE: if ((f = fopen(script->s, "r")) == NULL) - error(FATAL, - "%s: %s", script->s, strerror(errno)); + err(1, "%s", script->s); fname = script->s; state = ST_FILE; goto again; @@ -310,7 +310,7 @@ finish_file(void) fclose(infile); if (*oldfname != '\0') { if (rename(fname, oldfname) != 0) { - warning("rename()"); + warn("rename %s to %s", fname, oldfname); unlink(tmpfname); exit(1); } @@ -320,7 +320,11 @@ finish_file(void) if (outfile != NULL && outfile != stdout) fclose(outfile); outfile = NULL; - rename(tmpfname, fname); + if (rename(tmpfname, fname) != 0) { + warn("rename %s to %s", tmpfname, fname); + unlink(tmpfname); + exit(1); + } *tmpfname = '\0'; } outfname = NULL; 
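Review bot: In finish_file() (usr.bin/sed/main.c) the return value of `fclose(outfile)` is still ignored immediately before the newly checked `rename(tmpfname, fname)`. A flush failure at close time (a full disk, for example) would go unnoticed and the incomplete temporary file would then replace the original. Handling it like the rename failure, `if (fclose(outfile) != 0) { warn("%s", tmpfname); unlink(tmpfname); exit(1); }` inside the existing `outfile != NULL && outfile != stdout` guard, closes that gap. Whether write errors are caught earlier is not visible here; the function starts outside the hunk.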
@@ -346,7 +350,7 @@ mf_getline(SPACE *sp, enum e_spflag spflag) /* stdin? */ if (files->fname == NULL) { if (inplace != NULL) - error(FATAL, "-i may not be used with stdin"); + errx(1, "-i may not be used with stdin"); infile = stdin; fname = "stdin"; outfile = stdout; @@ -377,34 +381,36 @@ mf_getline(SPACE *sp, enum e_spflag spflag) } fname = files->fname; if (inplace != NULL) { - if (lstat(fname, &sb) != 0) - error(FATAL, "%s: %s", fname, - strerror(errno ? errno : EIO)); + if (stat(fname, &sb) != 0) + err(1, "%s", fname); if (!S_ISREG(sb.st_mode)) - error(FATAL, "%s: %s %s", fname, + errx(1, "%s: %s %s", fname, "in-place editing only", "works for regular files"); if (*inplace != '\0') { - strlcpy(oldfname, fname, + (void)strlcpy(oldfname, fname, sizeof(oldfname)); len = strlcat(oldfname, inplace, sizeof(oldfname)); - if (len > sizeof(oldfname)) - error(FATAL, "%s: name too long", fname); + if (len >= sizeof(oldfname)) + errc(1, ENAMETOOLONG, "%s", fname); } - strlcpy(dirbuf, fname, sizeof(dirbuf)); + len = strlcpy(dirbuf, fname, sizeof(dirbuf)); + if (len >= sizeof(dirbuf)) + errc(1, ENAMETOOLONG, "%s", fname); len = snprintf(tmpfname, sizeof(tmpfname), "%s/sedXXXXXXXXXX", dirname(dirbuf)); if (len >= sizeof(tmpfname)) - error(FATAL, "%s: name too long", fname); + errc(1, ENAMETOOLONG, "%s", fname); if ((fd = mkstemp(tmpfname)) == -1) - error(FATAL, "%s: %s", fname, strerror(errno)); + err(1, "%s", fname); + (void)fchown(fd, sb.st_uid, sb.st_gid); + (void)fchmod(fd, sb.st_mode & ALLPERMS); if ((outfile = fdopen(fd, "w")) == NULL) { + warn("%s", fname); unlink(tmpfname); - error(FATAL, "%s", fname); + exit(1); } - fchown(fileno(outfile), sb.st_uid, sb.st_gid); - fchmod(fileno(outfile), sb.st_mode & ALLPERMS); outfname = tmpfname; linenum = 0; resetstate(); @@ -413,7 +419,7 @@ mf_getline(SPACE *sp, enum e_spflag spflag) outfname = "stdout"; } if ((infile = fopen(fname, "r")) == NULL) { - warning("%s", strerror(errno)); + warn("%s", fname); rval = 1; continue; } 
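Review bot: In the in-place branch of mf_getline() (usr.bin/sed/main.c), `(void)fchmod(fd, sb.st_mode & ALLPERMS)` runs even when the preceding `fchown()` failed, so set-user-ID and set-group-ID bits from the original can end up on a temporary file still owned by the invoking user. Dropping those bits on failure, `if (fchown(fd, sb.st_uid, sb.st_gid) == -1) sb.st_mode &= ~(S_ISUID | S_ISGID);`, keeps the copy from carrying mode bits that no longer match its owner. Separately, the switch from `lstat()` to `stat()` lets a symlink to a regular file pass the S_ISREG test. The temporary file is still created next to the link and, as far as the visible code shows, renamed over the link rather than its target, which should be documented. The function body extends beyond the hunk.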
@@ -429,7 +435,7 @@ mf_getline(SPACE *sp, enum e_spflag spflag) */ len = getline(&p, &psize, infile); if ((ssize_t)len == -1) - error(FATAL, "%s: %s", fname, strerror(errno)); + err(1, "%s", fname); if (len != 0 && p[len - 1] == '\n') { sp->append_newline = 1; len--; diff --git a/usr.bin/sed/misc.c b/usr.bin/sed/misc.c index 99ff1fda0..ccc34bf16 100644 --- a/usr.bin/sed/misc.c +++ b/usr.bin/sed/misc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: misc.c,v 1.12 2017/01/20 10:26:16 krw Exp $ */ +/* $OpenBSD: misc.c,v 1.13 2024/07/17 20:57:16 millert Exp $ */ /*- * Copyright (c) 1992 Diomidis Spinellis. @@ -35,7 +35,7 @@ #include -#include +#include #include #include #include @@ -54,7 +54,7 @@ xmalloc(size_t size) void *p; if ((p = malloc(size)) == NULL) - error(FATAL, "%s", strerror(errno)); + err(1, NULL); return (p); } @@ -64,7 +64,7 @@ xreallocarray(void *o, size_t nmemb, size_t size) void *p; if ((p = reallocarray(o, nmemb, size)) == NULL) - error(FATAL, "%s", strerror(errno)); + err(1, NULL); return (p); } @@ -76,7 +76,7 @@ xrealloc(void *p, size_t size) { if ((p = realloc(p, size)) == NULL) - error(FATAL, "%s", strerror(errno)); + err(1, NULL); return (p); } @@ -102,16 +102,12 @@ strregerror(int errcode, regex_t *preg) * Error reporting function */ __dead void -error(int severity, const char *fmt, ...) +error(const char *fmt, ...) { va_list ap; + (void)fprintf(stderr, "sed: %lu: %s: ", linenum, fname); va_start(ap, fmt); - (void)fprintf(stderr, "sed: "); - switch (severity) { - case COMPILE: - (void)fprintf(stderr, "%lu: %s: ", linenum, fname); - } (void)vfprintf(stderr, fmt, ap); va_end(ap); (void)fprintf(stderr, "\n"); @@ -123,9 +119,8 @@ warning(const char *fmt, ...) { va_list ap; + (void)fprintf(stderr, "sed: %lu: %s: ", linenum, fname); va_start(ap, fmt); - (void)fprintf(stderr, "sed: "); - (void)fprintf(stderr, "%lu: %s: ", linenum, fname); (void)vfprintf(stderr, fmt, ap); va_end(ap); (void)fprintf(stderr, "\n"); 
diff --git a/usr.bin/sed/process.c b/usr.bin/sed/process.c index 308ab71ee..c2d789403 100644 --- a/usr.bin/sed/process.c +++ b/usr.bin/sed/process.c @@ -1,4 +1,4 @@ -/* $OpenBSD: process.c,v 1.36 2024/06/18 00:32:22 millert Exp $ */ +/* $OpenBSD: process.c,v 1.37 2024/07/17 20:57:16 millert Exp $ */ /*- * Copyright (c) 1992 Diomidis Spinellis. @@ -38,7 +38,7 @@ #include #include -#include +#include #include #include #include @@ -226,12 +226,10 @@ redirect: if (cp->u.fd == -1 && (cp->u.fd = open(cp->t, O_WRONLY|O_APPEND|O_CREAT|O_TRUNC, DEFFILEMODE)) == -1) - error(FATAL, "%s: %s", - cp->t, strerror(errno)); + err(1, "%s", cp->t); if ((size_t)write(cp->u.fd, ps, psl) != psl || write(cp->u.fd, "\n", 1) != 1) - error(FATAL, "%s: %s", - cp->t, strerror(errno)); + err(1, "%s", cp->t); break; case 'x': if (hs == NULL) @@ -346,8 +344,7 @@ substitute(struct s_command *cp) if (re == NULL) { if (defpreg != NULL && cp->u.s->maxbref > defpreg->re_nsub) { linenum = cp->u.s->linenum; - error(COMPILE, "\\%d not defined in the RE", - cp->u.s->maxbref); + error("\\%d not defined in the RE", cp->u.s->maxbref); } } if (!regexec_e(re, ps, 0, 0, 0, psl)) @@ -431,10 +428,10 @@ substitute(struct s_command *cp) if (cp->u.s->wfile && !pd) { if (cp->u.s->wfd == -1 && (cp->u.s->wfd = open(cp->u.s->wfile, O_WRONLY|O_APPEND|O_CREAT|O_TRUNC, DEFFILEMODE)) == -1) - error(FATAL, "%s: %s", cp->u.s->wfile, strerror(errno)); + err(1, "%s", cp->u.s->wfile); if ((size_t)write(cp->u.s->wfd, ps, psl) != psl || write(cp->u.s->wfd, "\n", 1) != 1) - error(FATAL, "%s: %s", cp->u.s->wfile, strerror(errno)); + err(1, "%s", cp->u.s->wfile); } return (1); } @@ -473,7 +470,7 @@ flush_appends(void) break; } if (ferror(outfile)) - error(FATAL, "%s: %s", outfname, strerror(errno ? errno : EIO)); + err(1, "%s", outfname); appendx = sdone = 0; } 
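Review bot: In flush_appends() (usr.bin/sed/process.c) the old message used `strerror(errno ? errno : EIO)`, and the replacement `err(1, "%s", outfname)` drops that fallback. ferror() reports a sticky stream error, so errno may be zero or belong to an unrelated later call by the time it is read, and the printed reason would then be misleading. `errc(1, errno ? errno : EIO, "%s", outfname);` keeps the earlier behaviour; the same applies to the identical change in lputs() in the next hunk. This needs EIO in scope, and the include changes at the top of the file are not readable on this page.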
@@ -513,7 +510,7 @@ lputs(char *s, size_t len) (void)fputc('$', outfile); (void)fputc('\n', outfile); if (ferror(outfile)) - error(FATAL, "%s: %s", outfname, strerror(errno ? errno : EIO)); + err(1, "%s", outfname); } static inline int @@ -524,7 +521,7 @@ regexec_e(regex_t *preg, const char *string, int eflags, if (preg == NULL) { if (defpreg == NULL) - error(FATAL, "first RE may not be empty"); + errx(1, "first RE may not be empty"); } else defpreg = preg; @@ -540,7 +537,7 @@ regexec_e(regex_t *preg, const char *string, int eflags, case REG_NOMATCH: return (0); } - error(FATAL, "RE error: %s", strregerror(eval, defpreg)); + errx(1, "RE error: %s", strregerror(eval, defpreg)); } /* @@ -624,13 +621,12 @@ cfclose(struct s_command *cp, struct s_command *end) switch (cp->code) { case 's': if (cp->u.s->wfd != -1 && close(cp->u.s->wfd)) - error(FATAL, - "%s: %s", cp->u.s->wfile, strerror(errno)); + err(1, "%s", cp->u.s->wfile); cp->u.s->wfd = -1; break; case 'w': if (cp->u.fd != -1 && close(cp->u.fd)) - error(FATAL, "%s: %s", cp->t, strerror(errno)); + err(1, "%s", cp->t); cp->u.fd = -1; break; case '{': diff --git a/usr.bin/ssh/ssh.1 b/usr.bin/ssh/ssh.1 index f871ff4e4..710d3d4e6 100644 --- a/usr.bin/ssh/ssh.1 +++ b/usr.bin/ssh/ssh.1 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.442 2024/06/27 21:02:16 jmc Exp $ -.Dd $Mdocdate: June 27 2024 $ +.\" $OpenBSD: ssh.1,v 1.443 2024/07/18 01:47:27 djm Exp $ +.Dd $Mdocdate: July 18 2024 $ .Dt SSH 1 .Os .Sh NAME @@ -490,6 +490,8 @@ Valid commands are: (request forwardings without command execution), .Dq cancel (cancel forwardings), +.Dq proxy +(connect to a running multiplexing master in proxy mode), .Dq exit (request the master to exit), and .Dq stop diff --git a/usr.sbin/npppd/npppd/parse.y b/usr.sbin/npppd/npppd/parse.y index 2017fe9a7..fd8bb0d29 100644 
--- a/usr.sbin/npppd/npppd/parse.y +++ b/usr.sbin/npppd/npppd/parse.y @@ -1,4 +1,4 @@ -/* $OpenBSD: parse.y,v 1.29 2024/07/11 14:05:59 yasuoka Exp $ */ +/* $OpenBSD: parse.y,v 1.30 2024/07/17 08:26:19 yasuoka Exp $ */ /* * Copyright (c) 2002, 2003, 2004 Henning Brauer @@ -1543,7 +1543,7 @@ npppd_conf_fini(struct npppd_conf *xconf) TAILQ_FOREACH_SAFE(radc, &xconf->raddaeclientconfs, entry, radct) free(radc); TAILQ_FOREACH_SAFE(radl, &xconf->raddaelistenconfs, entry, radlt) - free(radl); + free(radl); TAILQ_INIT(&xconf->l2tp_confs); TAILQ_INIT(&xconf->pptp_confs); TAILQ_INIT(&xconf->pppoe_confs); diff --git a/usr.sbin/radiusd/radiusd.c b/usr.sbin/radiusd/radiusd.c index 31afc0e27..fad3ed14b 100644 --- a/usr.sbin/radiusd/radiusd.c +++ b/usr.sbin/radiusd/radiusd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: radiusd.c,v 1.50 2024/07/14 15:31:49 yasuoka Exp $ */ +/* $OpenBSD: radiusd.c,v 1.51 2024/07/17 11:05:11 yasuoka Exp $ */ /* * Copyright (c) 2013, 2023 Internet Initiative Japan Inc. @@ -811,36 +811,10 @@ radius_query_client_secret(struct radius_query *q) void radiusd_access_request_answer(struct radius_query *q) { - const char *authen_secret = q->authen->auth->module->secret; - radius_set_request_packet(q->res, q->req); - - if (authen_secret == NULL) { - /* - * The module diddn't check the authenticators - */ - if (radius_check_response_authenticator(q->res, - q->client->secret) != 0) { - log_info("Response from module has bad response " - "authenticator: id=%d", q->id); - goto on_error; - } - if (radius_has_attr(q->res, - RADIUS_TYPE_MESSAGE_AUTHENTICATOR) && - radius_check_message_authenticator(q->res, - q->client->secret) != 0) { - log_info("Response from module has bad message " - "authenticator: id=%d", q->id); - goto on_error; - } - } - RADIUSD_ASSERT(q->deco == NULL); - radius_query_access_response(q); - return; -on_error: - radiusd_access_request_aborted(q); + radius_query_access_response(q); } void 
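Review bot: radiusd_access_request_answer() (usr.sbin/radiusd/radiusd.c) no longer verifies the Response Authenticator or Message-Authenticator of a module's reply when the module has no secret of its own, and no comment records who is responsible for that check now. If the intent is that module replies are trusted at this point and the outgoing response is authenticated later, say so above the function, e.g. `/* module replies are trusted here; authenticators are not verified */`. Where the outgoing response gets its authenticators is not visible in this hunk, so that path should be confirmed for any module that passes on a reply it did not generate itself.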
@@ -1535,8 +1509,8 @@ radiusd_module_imsg(struct radiusd_module *module, struct imsg *imsg) case IMSG_RADIUSD_MODULE_REQDECO_DONE: if (q->deco == NULL || q->deco->type != IMSG_RADIUSD_MODULE_REQDECO) { - log_warnx("q=%u received %s " - "but not requested", q->id, typestr); + log_warnx("q=%u received %s but not " + "requested", q->id, typestr); if (radpkt != NULL) radius_delete_packet(radpkt); break; @@ -1791,9 +1765,8 @@ radiusd_module_access_request(struct radiusd_module *module, radiusd_access_request_aborted(q); return; } - if (q->client->secret[0] != '\0' && module->secret != NULL && - radius_get_user_password_attr(radpkt, pass, sizeof(pass), - q->client->secret) == 0) { + if (radius_get_user_password_attr(radpkt, pass, sizeof(pass), + q->client->secret) == 0) { radius_del_attr_all(radpkt, RADIUS_TYPE_USER_PASSWORD); (void)radius_put_raw_attr(radpkt, RADIUS_TYPE_USER_PASSWORD, pass, strlen(pass)); diff --git a/usr.sbin/radiusd/radiusd.conf.5 b/usr.sbin/radiusd/radiusd.conf.5 index ef9107159..937d2788b 100644 --- a/usr.sbin/radiusd/radiusd.conf.5 +++ b/usr.sbin/radiusd/radiusd.conf.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: radiusd.conf.5,v 1.32 2024/07/14 18:03:59 jmc Exp $ +.\" $OpenBSD: radiusd.conf.5,v 1.34 2024/07/18 00:28:53 yasuoka Exp $ .\" .\" Copyright (c) 2014 Esdenera Networks GmbH .\" Copyright (c) 2014, 2023 Internet Initiative Japan Inc. @@ -15,7 +15,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: July 14 2024 $ +.Dd $Mdocdate: July 18 2024 $ .Dt RADIUSD.CONF 5 .Os .Sh NAME @@ -92,6 +92,8 @@ See The .Dq file module provides authentication by a local file. +See +.Xr radiusd_file 8 . .It Do ipcp Dc module The .Dq ipcp 
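Review bot: In radiusd_module_access_request() (usr.sbin/radiusd/radiusd.c) the User-Password is now always decrypted into the `pass` buffer and re-added in clear to the packet handed to the module, but the hunk does not clear `pass` afterwards. Adding `explicit_bzero(pass, sizeof(pass));` right after the `radius_put_raw_attr()` call keeps the plaintext from lingering in memory; `pass` is declared outside the hunk and is presumably a local array. The `(void)` cast also hides a failed put after `radius_del_attr_all()` has already removed the attribute, and logging that case would make the resulting authentication failure diagnosable. The function continues past the end of the hunk, so a later cleanup may already exist.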
@@ -154,6 +156,18 @@ Optionally decoration modules can be specified by .Ar deco . The specified modules decorate the RADIUS messages in the configured order. .It Xo +.Ic authentication-filter +.Ar username-pattern ... +.Ic by Ar auth +.Op Ic decorate-by Ar deco ... +.Xc +.Ic authentication-filter +works the same as +.Ic authenticate , +but the module can work as a filter, +it can ask the authentication to the following authentication modules, +and then it receives the authentication reply and modifies the reply. +.It Xo .Ic account .Op Ic quick .Ar username-pattern ... diff --git a/usr.sbin/radiusd/radiusd/Makefile b/usr.sbin/radiusd/radiusd/Makefile index e2cf0be2e..d331d85b7 100644 --- a/usr.sbin/radiusd/radiusd/Makefile +++ b/usr.sbin/radiusd/radiusd/Makefile @@ -1,4 +1,5 @@ -# $OpenBSD: Makefile,v 1.3 2024/07/14 15:31:49 yasuoka Exp $ +# $OpenBSD: Makefile,v 1.4 2024/07/17 11:20:24 deraadt Exp $ + PROG= radiusd BINDIR= /usr/sbin MAN= radiusd.8 radiusd.conf.5 diff --git a/usr.sbin/radiusd/radiusd_eap2mschap.c b/usr.sbin/radiusd/radiusd_eap2mschap.c index 2e0b252e5..7e38b295c 100644 --- a/usr.sbin/radiusd/radiusd_eap2mschap.c +++ b/usr.sbin/radiusd/radiusd_eap2mschap.c @@ -1,4 +1,4 @@ -/* $OpenBSD: radiusd_eap2mschap.c,v 1.1 2024/07/14 16:09:23 yasuoka Exp $ */ +/* $OpenBSD: radiusd_eap2mschap.c,v 1.2 2024/07/17 11:19:27 yasuoka Exp $ */ /* * Copyright (c) 2024 Internet Initiative Japan Inc. @@ -119,7 +119,12 @@ eap2mschap_config_set(void *ctx, const char *name, int argc, } else if (strcmp(name, "_debug") == 0) log_init(1); else if (strncmp(name, "_", 1) == 0) - /* ignore */; + /* ignore all internal messages */; + else { + module_send_message(self->base, IMSG_NG, + "Unknown config parameter `%s'", name); + return; + } module_send_message(self->base, IMSG_OK, NULL); return; diff --git a/usr.sbin/radiusd/radiusd_eap2mschap/Makefile b/usr.sbin/radiusd/radiusd_eap2mschap/Makefile index 4267c7e8f..701564f11 100644 --- a/usr.sbin/radiusd/radiusd_eap2mschap/Makefile 
+++ b/usr.sbin/radiusd/radiusd_eap2mschap/Makefile @@ -1,4 +1,5 @@ -# $OpenBSD: Makefile,v 1.1 2024/07/14 16:09:23 yasuoka Exp $ +# $OpenBSD: Makefile,v 1.2 2024/07/17 11:20:24 deraadt Exp $ + PROG= radiusd_eap2mschap BINDIR= /usr/libexec/radiusd SRCS= radiusd_eap2mschap.c radiusd_module.c radius_subr.c log.c diff --git a/usr.sbin/radiusd/radiusd_file.c b/usr.sbin/radiusd/radiusd_file.c index 1f6e46883..c140e0817 100644 --- a/usr.sbin/radiusd/radiusd_file.c +++ b/usr.sbin/radiusd/radiusd_file.c @@ -1,4 +1,4 @@ -/* $OpenBSD: radiusd_file.c,v 1.2 2024/07/14 15:13:41 yasuoka Exp $ */ +/* $OpenBSD: radiusd_file.c,v 1.3 2024/07/17 10:15:39 yasuoka Exp $ */ /* * Copyright (c) 2024 YASUOKA Masahiko @@ -405,7 +405,6 @@ auth_pap(struct module_file *self, u_int q_id, RADIUS_PACKET *radpkt, return; } ret = strcmp(ent->password, pass); - log_info("%s %s", ent->password, pass); explicit_bzero(ent->password, strlen(ent->password)); log_info("q=%u User `%s' authentication %s (PAP)", q_id, username, (ret == 0)? "succeeded" : "failed"); diff --git a/usr.sbin/radiusd/radiusd_ipcp.c b/usr.sbin/radiusd/radiusd_ipcp.c index 1d28ddf65..d007067ec 100644 --- a/usr.sbin/radiusd/radiusd_ipcp.c +++ b/usr.sbin/radiusd/radiusd_ipcp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: radiusd_ipcp.c,v 1.4 2024/07/12 15:54:52 yasuoka Exp $ */ +/* $OpenBSD: radiusd_ipcp.c,v 1.5 2024/07/17 11:31:46 yasuoka Exp $ */ /* * Copyright (c) 2024 Internet Initiative Japan Inc. @@ -972,7 +972,7 @@ ipcp_accounting_request(void *ctx, u_int q_id, const u_char *pkt, struct module_ipcp *self = ctx; struct assigned_ipv4 *assign, *assignt; char username[256], nas_id[256], buf[256], - buf1[80]; + buf1[384]; struct timespec dur; struct radiusd_ipcp_statistics stat; diff --git a/usr.sbin/radiusd/radiusd_local.h b/usr.sbin/radiusd/radiusd_local.h index b4ce9b15a..35a1da9e4 100644 --- a/usr.sbin/radiusd/radiusd_local.h +++ b/usr.sbin/radiusd/radiusd_local.h 
@@ -1,4 +1,4 @@ -/* $OpenBSD: radiusd_local.h,v 1.15 2024/07/14 15:31:49 yasuoka Exp $ */ +/* $OpenBSD: radiusd_local.h,v 1.16 2024/07/17 11:31:46 yasuoka Exp $ */ /* * Copyright (c) 2013 Internet Initiative Japan Inc. @@ -160,7 +160,7 @@ extern struct radiusd *radiusd_s; #ifdef RADIUSD_DEBUG #define RADIUSD_DBG(x) log_debug x #else -#define RADIUSD_DBG(x) +#define RADIUSD_DBG(x) ((void)0) #endif #define RADIUSD_ASSERT(_cond) \ do { \ diff --git a/usr.sbin/radiusd/radiusd_standard/Makefile b/usr.sbin/radiusd/radiusd_standard/Makefile index bccdc36de..e720296fe 100644 --- a/usr.sbin/radiusd/radiusd_standard/Makefile +++ b/usr.sbin/radiusd/radiusd_standard/Makefile @@ -1,10 +1,10 @@ +# $OpenBSD: Makefile,v 1.4 2024/07/17 11:20:24 deraadt Exp $ -# $OpenBSD: Makefile,v 1.3 2024/07/02 16:18:11 deraadt Exp $ PROG= radiusd_standard BINDIR= /usr/libexec/radiusd SRCS= radiusd_standard.c radiusd_module.c LDADD= -lradius -lcrypto -lutil -DPADD= ${LIBRADIUS} ${LIBCRYPTO} ${LIBUTIL} +DPADD= ${LIBRADIUS} ${LIBCRYPTO} ${LIBUTIL} MAN= radiusd_standard.8 .include