author | Theo de Raadt <deraadt@cvs.openbsd.org> | 2005-04-08 16:24:14 +0000 |
---|---|---|
committer | Theo de Raadt <deraadt@cvs.openbsd.org> | 2005-04-08 16:24:14 +0000 |
commit | be4b45e472b33137a5caa2dad02525cfdd7a045f (patch) | |
tree | 82b3574d3430d564e99ac8fb35dd0bd91f8e65cb | |
parent | 341adb13cb535ddc048182109bc1e2a2c8891907 (diff) |
privsep always
-rw-r--r-- | sbin/isakmpd/isakmpd.c | 8 | ||||
-rw-r--r-- | sbin/isakmpd/log.c | 12 | ||||
-rw-r--r-- | sbin/isakmpd/monitor.h | 19 | ||||
-rw-r--r-- | sbin/isakmpd/sysdep/openbsd/GNUmakefile.sysdep | 52 | ||||
-rw-r--r-- | sbin/isakmpd/x509.c | 10 |
5 files changed, 5 insertions, 96 deletions
diff --git a/sbin/isakmpd/isakmpd.c b/sbin/isakmpd/isakmpd.c
index 6e0279762ef..776d88f04ce 100644
--- a/sbin/isakmpd/isakmpd.c
+++ b/sbin/isakmpd/isakmpd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: isakmpd.c,v 1.79 2005/04/08 16:11:58 deraadt Exp $ */
+/* $OpenBSD: isakmpd.c,v 1.80 2005/04/08 16:24:12 deraadt Exp $ */
 /* $EOM: isakmpd.c,v 1.54 2000/10/05 09:28:22 niklas Exp $ */ /*
@@ -367,7 +367,7 @@ write_pid_file(void)
 { FILE *fp;
- /* Ignore errors. This will fail with USE_PRIVSEP. */
+ /* Ignore errors. This fails with privsep. */
 unlink(pid_file); fp = monitor_fopen(pid_file, "w");
@@ -427,14 +427,12 @@ main(int argc, char *argv[])
 /* Set timezone before priv'separation */ tzset();
-#if defined (USE_PRIVSEP)
 if (monitor_init(debug)) { /* The parent, with privileges enters infinite monitor loop. */ monitor_loop(debug); exit(0); /* Never reached. */ } /* Child process only from this point on, no privileges left. */
-#endif
 init();
@@ -467,9 +465,7 @@ main(int argc, char *argv[])
 log_fatal("main: malloc (%lu) failed", (unsigned long)mask_size);
-#if defined (USE_PRIVSEP)
 monitor_init_done();
-#endif
 while (1) { /* If someone has sent SIGHUP to us, reconfigure. */
diff --git a/sbin/isakmpd/log.c b/sbin/isakmpd/log.c
index 52345b74f9b..b27cde92c3f 100644
--- a/sbin/isakmpd/log.c
+++ b/sbin/isakmpd/log.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: log.c,v 1.53 2005/04/08 16:14:04 deraadt Exp $ */
+/* $OpenBSD: log.c,v 1.54 2005/04/08 16:24:12 deraadt Exp $ */
 /* $EOM: log.c,v 1.30 2000/09/29 08:19:23 niklas Exp $ */ /*
@@ -203,9 +203,7 @@ _log_print(int error, int syslog_level, const char *fmt, va_list ap,
 tm->tm_hour, tm->tm_min, tm->tm_sec, now.tv_usec, class == LOG_PRINT ? "Default" : "Report>"); strlcat(nbuf, buffer, sizeof nbuf);
-#if defined (USE_PRIVSEP)
 strlcat(nbuf, getuid() ? "" : " [priv]", LOG_SIZE + 32);
-#endif
 strlcat(nbuf, "\n", sizeof nbuf); if (fwrite(nbuf, strlen(nbuf), 1, log_output) == 0) {
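Review bot: In write_pid_file the updated comment says `unlink(pid_file)` fails under privsep, and with privsep now unconditional that makes the call a no-op on every run while its result is still discarded. Either drop the call or say why it stays, e.g. `/* Best effort only: the unprivileged child cannot remove pid_file; a stale file is overwritten by the open below. */`. The open itself presumably runs on the privileged side via monitor_fopen(), so it is worth confirming there that a pre-existing symlink at pid_file is refused; that code is not visible here. The function body continues outside the hunk.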
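Review bot: The now-unconditional `strlcat(nbuf, getuid() ? "" : " [priv]", LOG_SIZE + 32);` in _log_print bounds the append with a hand-written constant while the two neighbouring calls use `sizeof nbuf`. If the declaration of nbuf (outside this hunk) is ever made smaller, this one call keeps the old bound and can write past the buffer; use `strlcat(nbuf, getuid() ? "" : " [priv]", sizeof nbuf);`. The tag is also derived from the uid rather than from which side of the privsep split is logging, which deserves a one-line comment so the marker is not misread in logs.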
@@ -378,11 +376,7 @@ log_fatal(const char *fmt, ...)
 va_start(ap, fmt); _log_print(1, LOG_CRIT, fmt, ap, LOG_PRINT, 0); va_end(ap);
-#ifdef USE_PRIVSEP
 monitor_exit(1);
-#else
- exit(1);
-#endif
 }
 #ifdef USE_DEBUG
@@ -411,12 +405,8 @@ log_packet_init(char *newname)
 return; } /* Does the file already exist? XXX lstat() or stat()? */
-#if defined (USE_PRIVSEP)
 /* XXX This is a fstat! */ if (monitor_stat(pcaplog_file, &st) == 0) {
-#else
- if (lstat(pcaplog_file, &st) == 0) {
-#endif
 /* Sanity checks. */ if ((st.st_mode & S_IFMT) != S_IFREG) { log_print("log_packet_init: existing capture file is "
diff --git a/sbin/isakmpd/monitor.h b/sbin/isakmpd/monitor.h
index 6bff7a25782..eb65a9179d3 100644
--- a/sbin/isakmpd/monitor.h
+++ b/sbin/isakmpd/monitor.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor.h,v 1.12 2004/11/08 12:34:00 hshoexer Exp $ */
+/* $OpenBSD: monitor.h,v 1.13 2005/04/08 16:24:12 deraadt Exp $ */
 /* * Copyright (c) 2003 Håkan Olsson. All rights reserved.
@@ -27,7 +27,6 @@
 #ifndef _MONITOR_H_
 #define _MONITOR_H_
-#if defined (USE_PRIVSEP)
 #include <sys/types.h>
 #include <sys/stat.h>
@@ -81,20 +80,4 @@ void monitor_ui_init(void);
 int monitor_pf_key_v2_open(void); void monitor_exit(int);
-#else /* !USE_PRIVSEP */
-
-#define monitor_fopen fopen
-#define monitor_open open
-#define monitor_stat stat
-#define monitor_setsockopt setsockopt
-#define monitor_bind bind
-#define monitor_opendir opendir
-#define monitor_readdir readdir
-#define monitor_closedir closedir
-
-#define monitor_ui_init ui_init
-#define monitor_pf_key_v2_open pf_key_v2_open
-#define monitor_exit exit
-
-#endif /* USE_PRIVSEP */
 #endif /* _MONITOR_H_ */
diff --git a/sbin/isakmpd/sysdep/openbsd/GNUmakefile.sysdep b/sbin/isakmpd/sysdep/openbsd/GNUmakefile.sysdep
deleted file mode 100644
index 8a46424d9fe..00000000000
--- a/sbin/isakmpd/sysdep/openbsd/GNUmakefile.sysdep
+++ /dev/null
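Review bot: log_fatal now terminates only through `monitor_exit(1)`, and nothing visible guarantees that call never returns: the prototype kept in monitor.h is a plain `void monitor_exit(int);`. Callers such as the malloc check in main() carry straight on after log_fatal(), so a returning monitor_exit() would let execution continue past a failed allocation. Consider marking the prototype noreturn (`__dead void monitor_exit(int);`) or documenting the guarantee in log_fatal with `/* monitor_exit() does not return. */`.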
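Review bot: With the `lstat()` branch gone, log_packet_init always inspects an existing capture file through `monitor_stat()`, which the retained comment calls an fstat and which the removed fallback in monitor.h mapped to `stat`, so a symlink pointing at a regular file would pass the `S_IFREG` sanity check. The leftover `XXX lstat() or stat()?` question is now answered by the code but not by the comment. Replace it with a statement of the semantics relied on, for example `/* monitor_stat() follows symlinks; the monitor must refuse to open a symlinked capture file. */`, after confirming in the monitor code that it does. The function continues outside the hunk.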
@@ -1,52 +0,0 @@
-# $OpenBSD: GNUmakefile.sysdep,v 1.5 2004/06/26 03:40:57 mcbride Exp $
-
-#
-# Copyright (c) 1999 Håkan Olsson. All rights reserved.
-# Copyright (c) 1999, 2000 Niklas Hallqvist. All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions
-# are met:
-# 1. Redistributions of source code must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-# 2. Redistributions in binary form must reproduce the above copyright
-# notice, this list of conditions and the following disclaimer in the
-# documentation and/or other materials provided with the distribution.
-#
-# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
-# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
-# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
-# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
-# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
-# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-#
-
-#
-# This code was written under funding by Ericsson Radio Systems.
-#
-
-
-LIBGMP:= /usr/lib/libgmp.a
-LIBCRYPTO:= /usr/lib/libcrypto.a
-
-IPSEC_SRCS= pf_key_v2.c
-IPSEC_CFLAGS= -DUSE_PF_KEY_V2
-
-USE_LIBCRYPTO= defined
-ifneq (${MACHINE_ARCH},alpha)
-ifneq (${MACHINE_ARCH},vax)
-ifneq (${MACHINE_ARCH},m88k)
-SRCS+= keynote_compat.c
-endif
-endif
-endif
-USE_KEYNOTE= defined
-
-ifndef USE_LIBCRYPTO
-DESLIB= -ldes
-DESLIBDEP= ${LIBDES}
-endif
diff --git a/sbin/isakmpd/x509.c b/sbin/isakmpd/x509.c
index 3f567a62304..d7a28ca5331 100644
--- a/sbin/isakmpd/x509.c
+++ b/sbin/isakmpd/x509.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509.c,v 1.98 2005/04/05 20:46:20 cloder Exp $ */
+/* $OpenBSD: x509.c,v 1.99 2005/04/08 16:24:12 deraadt Exp $ */
 /* $EOM: x509.c,v 1.54 2001/01/16 18:42:16 ho Exp $ */ /*
@@ -611,11 +611,7 @@ int
 x509_read_from_dir(X509_STORE *ctx, char *name, int hash) { struct dirent *file;
-#if defined (USE_PRIVSEP)
 struct monitor_dirents *dir;
-#else
- DIR *dir;
-#endif
 FILE *certfp; X509 *cert; struct stat sb;
@@ -716,11 +712,7 @@ x509_read_crls_from_dir(X509_STORE *ctx, char *name)
 {
 #if OPENSSL_VERSION_NUMBER >= 0x00907000L
 struct dirent *file;
-#if defined (USE_PRIVSEP)
 struct monitor_dirents *dir;
-#else
- DIR *dir;
-#endif
 FILE *crlfp; X509_CRL *crl; struct stat sb; |