Allow --without-privsep build.

David Woodhouse dwmw2 at infradead.org
Sun Jan 8 12:00:59 EST 2006


I've been trying to cut down the size of openssh so I can run it on my
Nokia 770. One thing which helps a fair amount (and will help even more
when I get '-ffunction-sections -fdata-sections --gc-sections' working)
is to have the option of compiling out privilege separation...

Is it worth me tidying this up and trying to make it apply properly to
the OpenBSD version? Does the openbsd version even use autocrap?

--- openssh-4.2p1/auth-rhosts.c~	2005-07-17 08:22:45.000000000 +0100
+++ openssh-4.2p1/auth-rhosts.c	2006-01-07 18:14:32.000000000 +0000
@@ -289,7 +289,9 @@ auth_rhosts2(struct passwd *pw, const ch
 
 	auth_debug_reset();
 	ret = auth_rhosts2_raw(pw, client_user, hostname, ipaddr);
+#ifdef USE_PRIVSEP
 	if (!use_privsep)
+#endif
 		auth_debug_send();
 	return ret;
 }
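Review bot: The `#ifdef`/`#endif` pair around `if (!use_privsep)` splits a single statement across the preprocessor, so the unbraced `auth_debug_send();` is conditional in one build and unconditional in the other, which is easy to misread and easy to break when a second statement is added. The monitor_wrap.h part of this patch defines `use_privsep` as `0` when USE_PRIVSEP is off, so if auth-rhosts.c includes that header (not visible in this hunk) the original two lines could stay untouched. Otherwise guard whole statements and add braces. The start of auth_rhosts2 is outside the hunk.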
--- openssh-4.2p1/auth2.c~	2005-07-17 08:26:44.000000000 +0100
+++ openssh-4.2p1/auth2.c	2006-01-07 18:52:24.000000000 +0000
@@ -175,8 +175,10 @@ input_userauth_request(int type, u_int32
 		    use_privsep ? " [net]" : "");
 		authctxt->service = xstrdup(service);
 		authctxt->style = style ? xstrdup(style) : NULL;
+#ifdef USE_PRIVSEP
 		if (use_privsep)
 			mm_inform_authserv(service, style);
+#endif
 	} else if (strcmp(user, authctxt->user) != 0 ||
 	    strcmp(service, authctxt->service) != 0) {
 		packet_disconnect("Change of username or service not allowed: "
--- openssh-4.2p1/config.h.in~	2005-09-01 10:15:22.000000000 +0100
+++ openssh-4.2p1/config.h.in	2006-01-07 17:44:23.000000000 +0000
@@ -152,6 +152,9 @@
 /* Builtin PRNG command timeout */
 #undef ENTROPY_TIMEOUT_MSEC
 
+/* Use privilege separation */
+#undef USE_PRIVSEP
+
 /* non-privileged user for privilege separation */
 #undef SSH_PRIVSEP_USER
 
--- openssh-4.2p1/configure.ac~	2005-08-31 17:59:49.000000000 +0100
+++ openssh-4.2p1/configure.ac	2006-01-07 18:41:38.000000000 +0000
@@ -1873,6 +1873,16 @@ AC_ARG_WITH(entropy-timeout,
 )
 AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout)
 
+use_privsep=1
+
+AC_ARG_WITH(privsep,
+	[  --without-privsep       Disable privilege separation],
+	[
+		if test "x$withval" = "xno" ; then
+			use_privsep=""
+		fi
+	]
+)
 SSH_PRIVSEP_USER=sshd
 AC_ARG_WITH(privsep-user,
 	[  --with-privsep-user=user Specify non-privileged user for privilege separation],
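Review bot: The `xno` branch clears `use_privsep` silently, although this removes the boundary that keeps pre-authentication network parsing out of the privileged process; a build configured this way should say so at configure time. Something like `AC_MSG_WARN([privilege separation compiled out; pre-authentication code will run with full privileges])` inside that branch would do it. The help string could also mention that the UsePrivilegeSeparation option stops being parsed, which is what the servconf.c part of this patch does. The AC_ARG_WITH(privsep-user) call continues in the next hunk.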
@@ -1880,13 +1890,20 @@ AC_ARG_WITH(privsep-user,
 		if test -n "$withval"  &&  test "x$withval" != "xno"  &&  \
 		    test "x${withval}" != "xyes"; then
 			SSH_PRIVSEP_USER=$withval
+			use_privsep=1
 		fi
 	]
 )
-AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER")
-AC_SUBST(SSH_PRIVSEP_USER)
+if test ! -z "$use_privsep" ; then
+   AC_DEFINE(USE_PRIVSEP)
+   AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER")
+   AC_SUBST(SSH_PRIVSEP_USER)
+   PRIVSEP_MSG=yes
+else
+   PRIVSEP_MSG=no
+fi
 
-# We do this little dance with the search path to insure
+# We do this little dance with the search path to ensure
 # that programs that we select for use by installed programs
 # (which may be run by the super-user) come from trusted
 # locations before they come from the user's private area.
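Review bot: `use_privsep=1` in the privsep-user handler overrides an explicit `--without-privsep` without telling the user, because this handler is expanded later in configure.ac and therefore wins regardless of the order on the command line. The outcome errs on the safe side, but a build that asked for one thing and got another is hard to diagnose; consider rejecting the combination with `AC_MSG_ERROR` when `use_privsep` is already empty at that point. `PRIVSEP_MSG` is assigned in both branches but none of the visible hunks reads it.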
@@ -3434,7 +3451,10 @@ echo "               Configuration files
 echo "                   Askpass program: $E"
 echo "                      Manual pages: $F"
 echo "                          PID file: $G"
+
+if test ! -z "$use_privsep" ; then
 echo "  Privilege separation chroot path: $H"
+fi
 if test "x$external_path_file" = "x/etc/login.conf" ; then
 echo "   At runtime, sshd will use the path defined in $external_path_file"
 echo "   Make sure the path to scp is present, otherwise scp will not work"
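Review bot: With privsep disabled the summary only drops the chroot-path line, so the final configure output never states that privilege separation was compiled out. `PRIVSEP_MSG` is already set to yes/no earlier in this patch; printing it unconditionally, e.g. `echo "              Privilege separation: $PRIVSEP_MSG"`, would make the security posture of the build visible in build logs. The added empty `+` line before the `if` also looks unintended.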
--- openssh-4.2p1/monitor.c~	2005-07-17 08:53:31.000000000 +0100
+++ openssh-4.2p1/monitor.c	2006-01-07 18:40:42.000000000 +0000
@@ -69,6 +69,8 @@ RCSID("$OpenBSD: monitor.c,v 1.63 2005/0
 static Gssctxt *gsscontext = NULL;
 #endif
 
+#ifdef USE_PRIVSEP
+
 /* Imports */
 extern ServerOptions options;
 extern u_int utmp_len;
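Review bot: The guard opens after `static Gssctxt *gsscontext`, so in a build with that block enabled (presumably `#ifdef GSSAPI`, whose opening line is outside the hunk) and USE_PRIVSEP off, the static is defined but never referenced and will draw an unused-variable warning. Moving `#ifdef USE_PRIVSEP` above that block, directly after the includes, avoids this. Since nothing but includes survives the guard, leaving monitor.c, monitor_mm.c and monitor_wrap.c out of the object list would be an alternative to wrapping each file; the patch does not touch the Makefile, so this is only a suggestion.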
@@ -1916,3 +1918,5 @@ mm_answer_gss_userok(int sock, Buffer *m
 	return (authenticated);
 }
 #endif /* GSSAPI */
+
+#endif /* USE_PRIVSEP */
--- openssh-4.2p1/monitor_mm.c~	2004-10-06 14:15:44.000000000 +0100
+++ openssh-4.2p1/monitor_mm.c	2006-01-07 18:39:36.000000000 +0000
@@ -35,6 +35,8 @@ RCSID("$OpenBSD: monitor_mm.c,v 1.9 2004
 #include "log.h"
 #include "monitor_mm.h"
 
+#ifdef USE_PRIVSEP
+
 static int
 mm_compare(struct mm_share *a, struct mm_share *b)
 {
@@ -343,3 +345,5 @@ mm_memvalid(struct mm_master *mm, void *
 	if (end > (void *)((u_char *)mm->address + mm->size))
 		fatal("mm_memvalid: address too large: %p", address);
 }
+
+#endif
--- openssh-4.2p1/monitor_wrap.c~	2005-07-17 08:53:31.000000000 +0100
+++ openssh-4.2p1/monitor_wrap.c	2006-01-07 18:40:15.000000000 +0000
@@ -63,6 +63,8 @@ RCSID("$OpenBSD: monitor_wrap.c,v 1.40 2
 #include "ssh-gss.h"
 #endif
 
+#ifdef USE_PRIVSEP
+
 /* Imports */
 extern int compat20;
 extern Newkeys *newkeys[];
@@ -1217,3 +1219,5 @@ mm_ssh_gssapi_userok(char *user)
 	return (authenticated);
 }
 #endif /* GSSAPI */
+
+#endif /* USE_PRIVSEP */
--- openssh-4.2p1/monitor_wrap.h~	2005-02-08 10:52:48.000000000 +0000
+++ openssh-4.2p1/monitor_wrap.h	2006-01-07 18:49:51.000000000 +0000
@@ -29,7 +29,12 @@
 #define _MM_WRAP_H_
 #include "key.h"
 #include "buffer.h"
+#include "config.h"
 
+#ifndef USE_PRIVSEP
+#define use_privsep 0
+#define PRIVSEP(x) (x)
+#else
 extern int use_privsep;
 #define PRIVSEP(x)	(use_privsep ? mm_##x : x)
 
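Review bot: `#define use_privsep 0` replaces every later `use_privsep` token, so any file that includes this header and still declares, assigns or takes the address of the variable fails to compile in the no-privsep build; the patch guards the sites in servconf.c and sshd.c, but any others outside these hunks would need the same treatment. A comment on the macros would help the next reader, for example `/* privsep compiled out: use_privsep is a constant and PRIVSEP(x) calls x directly in the privileged process */`. The new `#include "config.h"` is probably redundant if every includer already pulls in config.h first, which cannot be confirmed from this page.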
@@ -111,4 +116,6 @@ void *mm_zalloc(struct mm_master *, u_in
 void mm_zfree(struct mm_master *, void *);
 void mm_init_compression(struct mm_master *);
 
+#endif /* USE_PRIVSEP */
+
 #endif /* _MM_H_ */
--- openssh-4.2p1/servconf.c~	2005-08-12 13:11:37.000000000 +0100
+++ openssh-4.2p1/servconf.c	2006-01-07 18:13:42.000000000 +0000
@@ -102,8 +102,10 @@ initialize_server_options(ServerOptions 
 	options->authorized_keys_file2 = NULL;
 	options->num_accept_env = 0;
 
+#ifdef USE_PRIVSEP
 	/* Needs to be accessable in many places */
 	use_privsep = -1;
+#endif
 }
 
 void
@@ -230,10 +232,10 @@ fill_default_server_options(ServerOption
 	if (options->authorized_keys_file == NULL)
 		options->authorized_keys_file = _PATH_SSH_USER_PERMITTED_KEYS;
 
+#ifdef USE_PRIVSEP
 	/* Turn privilege separation on by default */
 	if (use_privsep == -1)
 		use_privsep = 1;
-
 #ifndef HAVE_MMAP
 	if (use_privsep && options->compression == 1) {
 		error("This platform does not support both privilege "
@@ -242,6 +244,7 @@ fill_default_server_options(ServerOption
 		options->compression = 0;
 	}
 #endif
+#endif
 
 }
 
@@ -799,10 +802,11 @@ parse_flag:
 		intptr = &options->allow_tcp_forwarding;
 		goto parse_flag;
 
+#ifdef USE_PRIVSEP
 	case sUsePrivilegeSeparation:
 		intptr = &use_privsep;
 		goto parse_flag;
-
+#endif
 	case sAllowUsers:
 		while ((arg = strdelim(&cp)) && *arg != '\0') {
 			if (options->num_allow_users >= MAX_ALLOW_USERS)
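Review bot: Removing the `sUsePrivilegeSeparation` case leaves an existing `UsePrivilegeSeparation yes` line in sshd_config without a handler, and the keyword table that maps the string to the opcode is not touched by this patch. Depending on the switch's default branch (outside the hunk), the administrator gets at best a generic parse failure that does not say the protection they asked for is unavailable in this build. An `#else` arm that keeps the case and calls `fatal()` with a message naming the option would make sshd refuse such a config explicitly. The enclosing function starts and ends outside the hunk.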
--- openssh-4.2p1/sshd.c~	2005-07-26 12:54:56.000000000 +0100
+++ openssh-4.2p1/sshd.c	2006-01-07 18:12:40.000000000 +0000
@@ -200,9 +200,11 @@ u_int utmp_len = MAXHOSTNAMELEN;
 int *startup_pipes = NULL;
 int startup_pipe;		/* in child */
 
+#ifdef USE_PRIVSEP
 /* variables used for privilege separation */
 int use_privsep;
 struct monitor *pmonitor = NULL;
+#endif
 
 /* global authentication context */
 Authctxt *the_authctxt = NULL;
@@ -308,9 +310,10 @@ grace_alarm_handler(int sig)
 {
 	/* XXX no idea how fix this signal handler */
 
+#ifdef USE_PRIVSEP
 	if (use_privsep && pmonitor != NULL && pmonitor->m_pid > 0)
 		kill(pmonitor->m_pid, SIGALRM);
-
+#endif
 	/* Log error and exit. */
 	fatal("Timeout before authentication for %s", get_remote_ipaddr());
 }
@@ -536,6 +539,7 @@ demote_sensitive_data(void)
 	/* We do not clear ssh1_host key and cookie.  XXX - Okay Niels? */
 }
 
+#ifdef USE_PRIVSEP
 static void
 privsep_preauth_child(void)
 {
@@ -678,6 +682,7 @@ privsep_postauth(Authctxt *authctxt)
 	 */
 	packet_set_authenticated();
 }
+#endif /* USE_PRIVSEP */
 
 static char *
 list_hostkey_types(void)
@@ -1691,10 +1696,11 @@ main(int ac, char **av)
 	/* prepare buffer to collect messages to display to user after login */
 	buffer_init(&loginmsg);
 
+#ifdef USE_PRIVSEP
 	if (use_privsep)
 		if (privsep_preauth(authctxt) == 1)
 			goto authenticated;
-
+#endif
 	/* perform the key exchange */
 	/* authenticate user and start session */
 	if (compat20) {
@@ -1708,11 +1714,12 @@ main(int ac, char **av)
 	 * If we use privilege separation, the unprivileged child transfers
 	 * the current keystate and exits
 	 */
+#ifdef USE_PRIVSEP
 	if (use_privsep) {
 		mm_send_keystate(pmonitor);
 		exit(0);
 	}
-
+#endif
  authenticated:
 #ifdef SSH_AUDIT_EVENTS
 	audit_event(SSH_AUTH_SUCCESS);
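Review bot: With USE_PRIVSEP undefined, the only `goto authenticated` visible in this patch is compiled out, so the `authenticated:` label below the new `#endif` becomes unused and will trigger `-Wunused-label`; the label could sit inside its own `#ifdef USE_PRIVSEP`. Any `if (use_privsep)` block after the label (main continues outside the hunk) would still name `privsep_postauth`, which this patch removes from the build, so it needs the same guard unless the compiler is relied on to discard the dead branch. The new `#endif` lines here and in the previous hunk also replace the blank line that separated these blocks from the following comment and label; keeping it would preserve readability.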

-- 
dwmw2



