From ec797c84701ccafbfcccb836f87a1160cf86ef4c Mon Sep 17 00:00:00 2001 From: Philip Prindeville Date: Thu, 28 Dec 2017 14:10:24 -0700 Subject: linux/random.h doesn't actually declare getrandom() --- configure.ac | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'configure.ac') diff --git a/configure.ac b/configure.ac index e34c769..b24f10d 100644 --- a/configure.ac +++ b/configure.ac @@ -47,8 +47,8 @@ esac dnl -------------------------------------------------------------------- dnl Checks for header files. AC_HEADER_STDC -AC_CHECK_HEADERS([arpa/inet.h fcntl.h netdb.h netinet/in.h stdlib.h string.h strings.h sys/socket.h sys/time.h ]) -AC_CHECK_HEADERS([syslog.h unistd.h openssl/md5.h openssl/rand.h linux/random.h sys/random.h]) +AC_CHECK_HEADERS([arpa/inet.h fcntl.h netdb.h netinet/in.h stdlib.h string.h strings.h sys/socket.h sys/time.h]) +AC_CHECK_HEADERS([syslog.h unistd.h openssl/md5.h openssl/rand.h sys/random.h]) AC_CHECK_HEADER(security/pam_appl.h, [], [AC_MSG_ERROR([PAM libraries missing. Install with "yum install pam-devel" or "apt-get install libpam-dev".])] ) AM_CONDITIONAL(MY_MD5, [test "$ac_cv_header_openssl_md5_h" = "no" ]) AM_CONDITIONAL(TACC, [test "$ac_cv_lib_crypto_RAND_pseudo_bytes" = "yes"]) -- cgit v1.2.3 From e12a75b717ac587bbc5814cbb7f2311be99998d8 Mon Sep 17 00:00:00 2001 From: Martin Belanger Date: Thu, 21 Dec 2017 14:59:52 -0500 Subject: RAND_pseudo_bytes() has been deprecated in OpenSSL 1.1.0. They tell us to use RAND_bytes() instead. Modified by Philip Prindeville --- configure.ac | 7 +++++-- libtac/lib/magic.c | 4 ++++ pam_tacplus.c | 4 ++++ tacc.c | 4 ++++ 4 files changed, 17 insertions(+), 2 deletions(-) (limited to 'configure.ac') diff --git a/configure.ac b/configure.ac index b24f10d..ac7c692 100644 --- a/configure.ac +++ b/configure.ac @@ -36,7 +36,10 @@ dnl Checks for libraries. AC_CHECK_LIB(pam, pam_start) AC_CHECK_LIB(tac, tac_connect) AC_CHECK_LIB(crypto, MD5_Init) -AC_CHECK_LIB(crypto, RAND_pseudo_bytes) +AC_CHECK_LIB(crypto, RAND_pseudo_bytes, + [AC_DEFINE([HAVE_RAND_PSEUDO_BYTES], [1], [Define to 1 if you have the `RAND_pseudo_bytes' function.])]) +AC_CHECK_LIB(crypto, RAND_bytes, + [AC_DEFINE([HAVE_RAND_BYTES], [1], [Define to 1 if you have the `RAND_bytes' function.])]) AC_CHECK_LIB(util, logwtmp) case "$host" in @@ -51,7 +54,7 @@ AC_CHECK_HEADERS([arpa/inet.h fcntl.h netdb.h netinet/in.h stdlib.h string.h str AC_CHECK_HEADERS([syslog.h unistd.h openssl/md5.h openssl/rand.h sys/random.h]) AC_CHECK_HEADER(security/pam_appl.h, [], [AC_MSG_ERROR([PAM libraries missing. Install with "yum install pam-devel" or "apt-get install libpam-dev".])] ) AM_CONDITIONAL(MY_MD5, [test "$ac_cv_header_openssl_md5_h" = "no" ]) -AM_CONDITIONAL(TACC, [test "$ac_cv_lib_crypto_RAND_pseudo_bytes" = "yes"]) +AM_CONDITIONAL(TACC, [test "$ac_cv_lib_crypto_RAND_bytes" = "yes" || test "$ac_cv_lib_crypto_RAND_pseudo_bytes" = "yes"]) dnl -------------------------------------------------------------------- dnl Checks for typedefs, structures, and compiler characteristics. diff --git a/libtac/lib/magic.c b/libtac/lib/magic.c index 138c6d4..97aa035 100644 --- a/libtac/lib/magic.c +++ b/libtac/lib/magic.c @@ -63,7 +63,11 @@ magic() { u_int32_t num; +#ifdef HAVE_RAND_BYTES + RAND_bytes((unsigned char *)&num, sizeof(num)); +#else RAND_pseudo_bytes((unsigned char *)&num, sizeof(num)); +#endif return num; } diff --git a/pam_tacplus.c b/pam_tacplus.c index 198d096..19e2aca 100644 --- a/pam_tacplus.c +++ b/pam_tacplus.c @@ -711,7 +711,11 @@ PAM_EXTERN int pam_sm_open_session(pam_handle_t * pamh, int flags, int argc, const char **argv) { #if defined(HAVE_OPENSSL_RAND_H) && defined(HAVE_LIBCRYPTO) +# if defined(HAVE_RAND_BYTES) + RAND_bytes((unsigned char *) &task_id, sizeof(task_id)); +# else RAND_pseudo_bytes((unsigned char *) &task_id, sizeof(task_id)); +# endif #else task_id=(short int) magic(); #endif diff --git a/tacc.c b/tacc.c index cba0229..5d0585c 100644 --- a/tacc.c +++ b/tacc.c @@ -319,7 +319,11 @@ int main(int argc, char **argv) { struct tac_attrib *attr = NULL; sprintf(buf, "%lu", time(0)); tac_add_attrib(&attr, "start_time", buf); +#ifdef HAVE_RAND_BYTES + RAND_bytes((unsigned char *) &task_id, sizeof(task_id)); +#else RAND_pseudo_bytes((unsigned char *) &task_id, sizeof(task_id)); +#endif sprintf(buf, "%hu", task_id); tac_add_attrib(&attr, "task_id", buf); tac_add_attrib(&attr, "service", service); -- cgit v1.2.3 From 3337b95461bbea20407b321829e9a139ef077946 Mon Sep 17 00:00:00 2001 From: Philip Prindeville Date: Mon, 1 Jan 2018 16:09:13 -0700 Subject: Favor pututxline() over logwtmp() --- configure.ac | 4 +++- tacc.c | 49 ++++++++++++++++++++++++++++++++++++++++++++----- 2 files changed, 47 insertions(+), 6 deletions(-) (limited to 'configure.ac') diff --git a/configure.ac b/configure.ac index ac7c692..ff1b44e 100644 --- a/configure.ac +++ b/configure.ac @@ -40,7 +40,9 @@ AC_CHECK_LIB(crypto, RAND_pseudo_bytes, [AC_DEFINE([HAVE_RAND_PSEUDO_BYTES], [1], [Define to 1 if you have the `RAND_pseudo_bytes' function.])]) AC_CHECK_LIB(crypto, RAND_bytes, [AC_DEFINE([HAVE_RAND_BYTES], [1], [Define to 1 if you have the `RAND_bytes' function.])]) -AC_CHECK_LIB(util, logwtmp) +AC_CHECK_LIB(c, pututxline, + [AC_DEFINE([HAVE_PUTUTXLINE], [1], [Define to 1 if you have the `pututxline' function.])], + [AC_CHECK_LIB(util, logwtmp)]) case "$host" in sparc-* | sparc64-*) diff --git a/tacc.c b/tacc.c index b857cb6..f61e2d7 100644 --- a/tacc.c +++ b/tacc.c @@ -19,7 +19,6 @@ #include #include #include -#include #include #include #include @@ -34,6 +33,12 @@ #include "config.h" #endif +#if defined(HAVE_PUTUTXLINE) +#include +#elif defined(HAVE_LOGWTMP) +#include +#endif + #include "tacplus.h" #include "libtac.h" @@ -78,6 +83,13 @@ typedef unsigned char flag; flag quiet = 0; char *user = NULL; /* global, because of signal handler */ +#if defined(HAVE_PUTUTXLINE) +struct utmpx utmpx; +#endif + +/* take the length of a string constant without the NUL */ +#define C_STRLEN(str) (sizeof("" str) - 1) + /* command line options */ static struct option long_options[] = { @@ -353,10 +365,28 @@ int main(int argc, char **argv) { } /* log in local utmp */ -#ifdef HAVE_LOGWTMP - if (log_wtmp) + if (log_wtmp) { +#if defined(HAVE_PUTUTXLINE) + struct timeval tv; + + gettimeofday(&tv, NULL); + + memset(&utmpx, 0, sizeof(utmpx)); + utmpx.ut_type = USER_PROCESS; + utmpx.ut_pid = getpid(); + xstrcpy(utmpx.ut_line, tty, sizeof(utmpx.ut_line)); + strncpy(utmpx.ut_id, tty + C_STRLEN("tty"), sizeof(utmpx.ut_id)); + xstrcpy(utmpx.ut_host, "dialup", sizeof(utmpx.ut_host)); + utmpx.ut_tv.tv_sec = tv.tv_sec; + utmpx.ut_tv.tv_usec = tv.tv_usec; + xstrcpy(utmpx.ut_user, user, sizeof(utmpx.ut_user)); + /* ut_addr unused ... */ + setutxent(); + pututxline(&utmpx); +#elif defined(HAVE_LOGWTMP) logwtmp(tty, user, "dialup"); #endif + } if (command != NULL) { int ret; @@ -435,10 +465,19 @@ int main(int argc, char **argv) { } /* logout from utmp */ -#ifdef HAVE_LOGWTMP - if (log_wtmp) + if (log_wtmp) { +#if defined(HAVE_PUTUTXLINE) + utmpx.ut_type = DEAD_PROCESS; + memset(utmpx.ut_line, 0, sizeof(utmpx.ut_line)); + memset(utmpx.ut_user, 0, sizeof(utmpx.ut_user)); + memset(utmpx.ut_host, 0, sizeof(utmpx.ut_host)); + utmpx.ut_tv.tv_sec = utmpx.ut_tv.tv_usec = 0; + setutxent(); + pututxline(&utmpx); +#elif defined(HAVE_LOGWTMP) logwtmp(tty, "", ""); #endif + } exit(EXIT_OK); } -- cgit v1.2.3