|
1 Taken from http://www.sudo.ws/repos/sudo/rev/cd02732f0704 and backported to |
|
2 sudo 1.9.5p5. The fix will be available in sudo 1.8.10p3. |
|
3 |
|
4 Patching of configure script was removed as we regenerate it by autotools |
|
5 anyway. |
|
6 |
|
7 diff -urN sudo-1.8.9p5.old/common/Makefile.in sudo-1.8.9p5/common/Makefile.in |
|
8 --- sudo-1.8.9p5.old/common/Makefile.in 2014-01-07 19:09:02.000000000 +0100 |
|
9 +++ sudo-1.8.9p5/common/Makefile.in 2014-04-10 15:20:34.447046660 +0200 |
|
10 @@ -186,8 +186,8 @@ |
|
11 $(top_builddir)/config.h $(top_srcdir)/compat/stdbool.h |
|
12 $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/atomode.c |
|
13 conf_test.lo: $(srcdir)/regress/sudo_conf/conf_test.c $(incdir)/missing.h \ |
|
14 - $(incdir)/queue.h $(incdir)/sudo_conf.h $(top_builddir)/config.h \ |
|
15 - $(top_srcdir)/compat/stdbool.h |
|
16 + $(incdir)/queue.h $(incdir)/sudo_conf.h $(incdir)/sudo_util.h \ |
|
17 + $(top_builddir)/config.h $(top_srcdir)/compat/stdbool.h |
|
18 $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/regress/sudo_conf/conf_test.c |
|
19 event.lo: $(srcdir)/event.c $(incdir)/alloc.h $(incdir)/fatal.h \ |
|
20 $(incdir)/missing.h $(incdir)/queue.h $(incdir)/sudo_debug.h \ |
|
21 @@ -223,8 +223,8 @@ |
|
22 $(top_srcdir)/compat/stdbool.h |
|
23 $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/gidlist.c |
|
24 hltq_test.lo: $(srcdir)/regress/tailq/hltq_test.c $(incdir)/fatal.h \ |
|
25 - $(incdir)/missing.h $(incdir)/queue.h $(top_builddir)/config.h \ |
|
26 - $(top_srcdir)/compat/stdbool.h |
|
27 + $(incdir)/missing.h $(incdir)/queue.h $(incdir)/sudo_util.h \ |
|
28 + $(top_builddir)/config.h $(top_srcdir)/compat/stdbool.h |
|
29 $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/regress/tailq/hltq_test.c |
|
30 lbuf.lo: $(srcdir)/lbuf.c $(incdir)/alloc.h $(incdir)/fatal.h $(incdir)/lbuf.h \ |
|
31 $(incdir)/missing.h $(incdir)/sudo_debug.h $(top_builddir)/config.h |
|
32 @@ -233,7 +233,7 @@ |
|
33 $(incdir)/gettext.h $(incdir)/missing.h $(top_builddir)/config.h |
|
34 $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(top_srcdir)/src/locale_stub.c |
|
35 parseln_test.lo: $(srcdir)/regress/sudo_parseln/parseln_test.c \ |
|
36 - $(incdir)/fileops.h $(incdir)/missing.h \ |
|
37 + $(incdir)/fileops.h $(incdir)/missing.h $(incdir)/sudo_util.h \ |
|
38 $(top_builddir)/config.h $(top_srcdir)/compat/stdbool.h |
|
39 $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/regress/sudo_parseln/parseln_test.c |
|
40 progname.lo: $(srcdir)/progname.c $(incdir)/missing.h $(incdir)/sudo_util.h \ |
|
41 diff -urN sudo-1.8.9p5.old/compat/Makefile.in sudo-1.8.9p5/compat/Makefile.in |
|
42 --- sudo-1.8.9p5.old/compat/Makefile.in 2014-01-07 19:08:52.000000000 +0100 |
|
43 +++ sudo-1.8.9p5/compat/Makefile.in 2014-04-10 15:20:34.447431545 +0200 |
|
44 @@ -178,7 +178,9 @@ |
|
45 getcwd.lo: $(srcdir)/getcwd.c $(incdir)/missing.h $(top_builddir)/config.h |
|
46 $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/getcwd.c |
|
47 getgrouplist.lo: $(srcdir)/getgrouplist.c $(incdir)/missing.h \ |
|
48 - $(top_builddir)/config.h $(top_srcdir)/compat/nss_dbdefs.h |
|
49 + $(incdir)/sudo_util.h $(top_builddir)/config.h \ |
|
50 + $(top_srcdir)/compat/nss_dbdefs.h \ |
|
51 + $(top_srcdir)/compat/stdbool.h |
|
52 $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/getgrouplist.c |
|
53 getline.lo: $(srcdir)/getline.c $(incdir)/missing.h $(top_builddir)/config.h |
|
54 $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/getline.c |
|
55 diff -urN sudo-1.8.9p5.old/compat/sha2.c sudo-1.8.9p5/compat/sha2.c |
|
56 --- sudo-1.8.9p5.old/compat/sha2.c 1970-01-01 01:00:00.000000000 +0100 |
|
57 +++ sudo-1.8.9p5/compat/sha2.c 2014-04-10 15:20:34.448122160 +0200 |
|
58 @@ -0,0 +1,526 @@ |
|
59 +/* |
|
60 + * Copyright (c) 2013 Todd C. Miller <[email protected]> |
|
61 + * |
|
62 + * Permission to use, copy, modify, and distribute this software for any |
|
63 + * purpose with or without fee is hereby granted, provided that the above |
|
64 + * copyright notice and this permission notice appear in all copies. |
|
65 + * |
|
66 + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES |
|
67 + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF |
|
68 + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR |
|
69 + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES |
|
70 + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN |
|
71 + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF |
|
72 + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
|
73 + */ |
|
74 + |
|
75 +/* |
|
76 + * Implementation of SHA-224, SHA-256, SHA-384 and SHA-512 |
|
77 + * as per FIPS 180-4: Secure Hash Standard (SHS) |
|
78 + * http://csrc.nist.gov/publications/fips/fips180-4/fips-180-4.pdf |
|
79 + * |
|
80 + * Derived from the public domain SHA-1 and SHA-2 implementations |
|
81 + * by Steve Reid and Wei Dai respectively. |
|
82 + */ |
|
83 + |
|
84 +#include <config.h> |
|
85 + |
|
86 +#include <stdio.h> |
|
87 +#ifdef STDC_HEADERS |
|
88 +# include <stdlib.h> |
|
89 +# include <stddef.h> |
|
90 +#else |
|
91 +# ifdef HAVE_STDLIB_H |
|
92 +# include <stdlib.h> |
|
93 +# endif |
|
94 +#endif /* STDC_HEADERS */ |
|
95 +#ifdef HAVE_STRING_H |
|
96 +# if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS) |
|
97 +# include <memory.h> |
|
98 +# endif |
|
99 +# include <string.h> |
|
100 +#endif /* HAVE_STRING_H */ |
|
101 +#ifdef HAVE_STRINGS_H |
|
102 +# include <strings.h> |
|
103 +#endif /* HAVE_STRINGS_H */ |
|
104 +#if defined(HAVE_STDINT_H) |
|
105 +# include <stdint.h> |
|
106 +#elif defined(HAVE_INTTYPES_H) |
|
107 +# include <inttypes.h> |
|
108 +#endif |
|
109 +#if defined(HAVE_ENDIAN_H) |
|
110 +# include <endian.h> |
|
111 +#elif defined(HAVE_SYS_ENDIAN_H) |
|
112 +# include <sys/endian.h> |
|
113 +#elif defined(HAVE_MACHINE_ENDIAN_H) |
|
114 +# include <machine/endian.h> |
|
115 +#else |
|
116 +# include "compat/endian.h" |
|
117 +#endif |
|
118 + |
|
119 +#include "missing.h" |
|
120 +#include "sha2.h" |
|
121 + |
|
122 +/* |
|
123 + * SHA-2 operates on 32-bit and 64-bit words in big endian byte order. |
|
124 + * The following macros convert between character arrays and big endian words. |
|
125 + */ |
|
126 +#define BE8TO32(x, y) do { \ |
|
127 + (x) = (((uint32_t)((y)[0] & 255) << 24) | \ |
|
128 + ((uint32_t)((y)[1] & 255) << 16) | \ |
|
129 + ((uint32_t)((y)[2] & 255) << 8) | \ |
|
130 + ((uint32_t)((y)[3] & 255))); \ |
|
131 +} while (0) |
|
132 + |
|
133 +#define BE8TO64(x, y) do { \ |
|
134 + (x) = (((uint64_t)((y)[0] & 255) << 56) | \ |
|
135 + ((uint64_t)((y)[1] & 255) << 48) | \ |
|
136 + ((uint64_t)((y)[2] & 255) << 40) | \ |
|
137 + ((uint64_t)((y)[3] & 255) << 32) | \ |
|
138 + ((uint64_t)((y)[4] & 255) << 24) | \ |
|
139 + ((uint64_t)((y)[5] & 255) << 16) | \ |
|
140 + ((uint64_t)((y)[6] & 255) << 8) | \ |
|
141 + ((uint64_t)((y)[7] & 255))); \ |
|
142 +} while (0) |
|
143 + |
|
144 +#define BE32TO8(x, y) do { \ |
|
145 + (x)[0] = (uint8_t)(((y) >> 24) & 255); \ |
|
146 + (x)[1] = (uint8_t)(((y) >> 16) & 255); \ |
|
147 + (x)[2] = (uint8_t)(((y) >> 8) & 255); \ |
|
148 + (x)[3] = (uint8_t)((y) & 255); \ |
|
149 +} while (0) |
|
150 + |
|
151 +#define BE64TO8(x, y) do { \ |
|
152 + (x)[0] = (uint8_t)(((y) >> 56) & 255); \ |
|
153 + (x)[1] = (uint8_t)(((y) >> 48) & 255); \ |
|
154 + (x)[2] = (uint8_t)(((y) >> 40) & 255); \ |
|
155 + (x)[3] = (uint8_t)(((y) >> 32) & 255); \ |
|
156 + (x)[4] = (uint8_t)(((y) >> 24) & 255); \ |
|
157 + (x)[5] = (uint8_t)(((y) >> 16) & 255); \ |
|
158 + (x)[6] = (uint8_t)(((y) >> 8) & 255); \ |
|
159 + (x)[7] = (uint8_t)((y) & 255); \ |
|
160 +} while (0) |
|
161 + |
|
162 +#define rotrFixed(x,y) (y ? ((x>>y) | (x<<(sizeof(x)*8-y))) : x) |
|
163 + |
|
164 +#define blk0(i) (W[i]) |
|
165 +#define blk2(i) (W[i&15]+=s1(W[(i-2)&15])+W[(i-7)&15]+s0(W[(i-15)&15])) |
|
166 + |
|
167 +#define Ch(x,y,z) (z^(x&(y^z))) |
|
168 +#define Maj(x,y,z) (y^((x^y)&(y^z))) |
|
169 + |
|
170 +#define a(i) T[(0-i)&7] |
|
171 +#define b(i) T[(1-i)&7] |
|
172 +#define c(i) T[(2-i)&7] |
|
173 +#define d(i) T[(3-i)&7] |
|
174 +#define e(i) T[(4-i)&7] |
|
175 +#define f(i) T[(5-i)&7] |
|
176 +#define g(i) T[(6-i)&7] |
|
177 +#define h(i) T[(7-i)&7] |
|
178 + |
|
179 +void |
|
180 +SHA224Init(SHA2_CTX *ctx) |
|
181 +{ |
|
182 + memset(ctx, 0, sizeof(*ctx)); |
|
183 + ctx->state.st32[0] = 0xc1059ed8UL; |
|
184 + ctx->state.st32[1] = 0x367cd507UL; |
|
185 + ctx->state.st32[2] = 0x3070dd17UL; |
|
186 + ctx->state.st32[3] = 0xf70e5939UL; |
|
187 + ctx->state.st32[4] = 0xffc00b31UL; |
|
188 + ctx->state.st32[5] = 0x68581511UL; |
|
189 + ctx->state.st32[6] = 0x64f98fa7UL; |
|
190 + ctx->state.st32[7] = 0xbefa4fa4UL; |
|
191 +} |
|
192 + |
|
193 +void |
|
194 +SHA224Transform(uint32_t state[8], const uint8_t buffer[SHA224_BLOCK_LENGTH]) |
|
195 +{ |
|
196 + SHA256Transform(state, buffer); |
|
197 +} |
|
198 + |
|
199 +void |
|
200 +SHA224Update(SHA2_CTX *ctx, const uint8_t *data, size_t len) |
|
201 +{ |
|
202 + SHA256Update(ctx, data, len); |
|
203 +} |
|
204 + |
|
205 +void |
|
206 +SHA224Pad(SHA2_CTX *ctx) |
|
207 +{ |
|
208 + SHA256Pad(ctx); |
|
209 +} |
|
210 + |
|
211 +void |
|
212 +SHA224Final(uint8_t digest[SHA224_DIGEST_LENGTH], SHA2_CTX *ctx) |
|
213 +{ |
|
214 + SHA256Pad(ctx); |
|
215 + if (digest != NULL) { |
|
216 +#if BYTE_ORDER == BIG_ENDIAN |
|
217 + memcpy(digest, ctx->state.st32, SHA224_DIGEST_LENGTH); |
|
218 +#else |
|
219 + unsigned int i; |
|
220 + |
|
221 + for (i = 0; i < 7; i++) |
|
222 + BE32TO8(digest + (i * 4), ctx->state.st32[i]); |
|
223 +#endif |
|
224 + memset(ctx, 0, sizeof(*ctx)); |
|
225 + } |
|
226 +} |
|
227 + |
|
228 +static const uint32_t SHA256_K[64] = { |
|
229 + 0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL, |
|
230 + 0x3956c25bUL, 0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL, |
|
231 + 0xd807aa98UL, 0x12835b01UL, 0x243185beUL, 0x550c7dc3UL, |
|
232 + 0x72be5d74UL, 0x80deb1feUL, 0x9bdc06a7UL, 0xc19bf174UL, |
|
233 + 0xe49b69c1UL, 0xefbe4786UL, 0x0fc19dc6UL, 0x240ca1ccUL, |
|
234 + 0x2de92c6fUL, 0x4a7484aaUL, 0x5cb0a9dcUL, 0x76f988daUL, |
|
235 + 0x983e5152UL, 0xa831c66dUL, 0xb00327c8UL, 0xbf597fc7UL, |
|
236 + 0xc6e00bf3UL, 0xd5a79147UL, 0x06ca6351UL, 0x14292967UL, |
|
237 + 0x27b70a85UL, 0x2e1b2138UL, 0x4d2c6dfcUL, 0x53380d13UL, |
|
238 + 0x650a7354UL, 0x766a0abbUL, 0x81c2c92eUL, 0x92722c85UL, |
|
239 + 0xa2bfe8a1UL, 0xa81a664bUL, 0xc24b8b70UL, 0xc76c51a3UL, |
|
240 + 0xd192e819UL, 0xd6990624UL, 0xf40e3585UL, 0x106aa070UL, |
|
241 + 0x19a4c116UL, 0x1e376c08UL, 0x2748774cUL, 0x34b0bcb5UL, |
|
242 + 0x391c0cb3UL, 0x4ed8aa4aUL, 0x5b9cca4fUL, 0x682e6ff3UL, |
|
243 + 0x748f82eeUL, 0x78a5636fUL, 0x84c87814UL, 0x8cc70208UL, |
|
244 + 0x90befffaUL, 0xa4506cebUL, 0xbef9a3f7UL, 0xc67178f2UL |
|
245 +}; |
|
246 + |
|
247 +void |
|
248 +SHA256Init(SHA2_CTX *ctx) |
|
249 +{ |
|
250 + memset(ctx, 0, sizeof(*ctx)); |
|
251 + ctx->state.st32[0] = 0x6a09e667UL; |
|
252 + ctx->state.st32[1] = 0xbb67ae85UL; |
|
253 + ctx->state.st32[2] = 0x3c6ef372UL; |
|
254 + ctx->state.st32[3] = 0xa54ff53aUL; |
|
255 + ctx->state.st32[4] = 0x510e527fUL; |
|
256 + ctx->state.st32[5] = 0x9b05688cUL; |
|
257 + ctx->state.st32[6] = 0x1f83d9abUL; |
|
258 + ctx->state.st32[7] = 0x5be0cd19UL; |
|
259 +} |
|
260 + |
|
261 +/* Round macros for SHA256 */ |
|
262 +#define R(i) do { \ |
|
263 + h(i)+=S1(e(i))+Ch(e(i),f(i),g(i))+SHA256_K[i+j]+(j?blk2(i):blk0(i)); \ |
|
264 + d(i)+=h(i); \ |
|
265 + h(i)+=S0(a(i))+Maj(a(i),b(i),c(i)); \ |
|
266 +} while (0) |
|
267 + |
|
268 +#define S0(x) (rotrFixed(x,2)^rotrFixed(x,13)^rotrFixed(x,22)) |
|
269 +#define S1(x) (rotrFixed(x,6)^rotrFixed(x,11)^rotrFixed(x,25)) |
|
270 +#define s0(x) (rotrFixed(x,7)^rotrFixed(x,18)^(x>>3)) |
|
271 +#define s1(x) (rotrFixed(x,17)^rotrFixed(x,19)^(x>>10)) |
|
272 + |
|
273 +void |
|
274 +SHA256Transform(uint32_t state[8], const uint8_t data[SHA256_BLOCK_LENGTH]) |
|
275 +{ |
|
276 + uint32_t W[16]; |
|
277 + uint32_t T[8]; |
|
278 + unsigned int j; |
|
279 + |
|
280 + /* Copy context state to working vars. */ |
|
281 + memcpy(T, state, sizeof(T)); |
|
282 + /* Copy data to W in big endian format. */ |
|
283 +#if BYTE_ORDER == BIG_ENDIAN |
|
284 + memcpy(W, data, sizeof(W)); |
|
285 +#else |
|
286 + for (j = 0; j < 16; j++) { |
|
287 + BE8TO32(W[j], data); |
|
288 + data += 4; |
|
289 + } |
|
290 +#endif |
|
291 + /* 64 operations, partially loop unrolled. */ |
|
292 + for (j = 0; j < 64; j += 16) |
|
293 + { |
|
294 + R( 0); R( 1); R( 2); R( 3); |
|
295 + R( 4); R( 5); R( 6); R( 7); |
|
296 + R( 8); R( 9); R(10); R(11); |
|
297 + R(12); R(13); R(14); R(15); |
|
298 + } |
|
299 + /* Add the working vars back into context state. */ |
|
300 + state[0] += a(0); |
|
301 + state[1] += b(0); |
|
302 + state[2] += c(0); |
|
303 + state[3] += d(0); |
|
304 + state[4] += e(0); |
|
305 + state[5] += f(0); |
|
306 + state[6] += g(0); |
|
307 + state[7] += h(0); |
|
308 + /* Cleanup */ |
|
309 + memset_s(T, sizeof(T), 0, sizeof(T)); |
|
310 + memset_s(W, sizeof(W), 0, sizeof(W)); |
|
311 +} |
|
312 + |
|
313 +#undef S0 |
|
314 +#undef S1 |
|
315 +#undef s0 |
|
316 +#undef s1 |
|
317 +#undef R |
|
318 + |
|
319 +void |
|
320 +SHA256Update(SHA2_CTX *ctx, const uint8_t *data, size_t len) |
|
321 +{ |
|
322 + size_t i = 0, j; |
|
323 + |
|
324 + j = (size_t)((ctx->count[0] >> 3) & (SHA256_BLOCK_LENGTH - 1)); |
|
325 + ctx->count[0] += (len << 3); |
|
326 + if ((j + len) > SHA256_BLOCK_LENGTH - 1) { |
|
327 + memcpy(&ctx->buffer[j], data, (i = SHA256_BLOCK_LENGTH - j)); |
|
328 + SHA256Transform(ctx->state.st32, ctx->buffer); |
|
329 + for ( ; i + SHA256_BLOCK_LENGTH - 1 < len; i += SHA256_BLOCK_LENGTH) |
|
330 + SHA256Transform(ctx->state.st32, (uint8_t *)&data[i]); |
|
331 + j = 0; |
|
332 + } |
|
333 + memcpy(&ctx->buffer[j], &data[i], len - i); |
|
334 +} |
|
335 + |
|
336 +void |
|
337 +SHA256Pad(SHA2_CTX *ctx) |
|
338 +{ |
|
339 + uint8_t finalcount[8]; |
|
340 + |
|
341 + /* Store unpadded message length in bits in big endian format. */ |
|
342 + BE64TO8(finalcount, ctx->count[0]); |
|
343 + |
|
344 + /* Append a '1' bit (0x80) to the message. */ |
|
345 + SHA256Update(ctx, (uint8_t *)"\200", 1); |
|
346 + |
|
347 + /* Pad message such that the resulting length modulo 512 is 448. */ |
|
348 + while ((ctx->count[0] & 504) != 448) |
|
349 + SHA256Update(ctx, (uint8_t *)"\0", 1); |
|
350 + |
|
351 + /* Append length of message in bits and do final SHA256Transform(). */ |
|
352 + SHA256Update(ctx, finalcount, sizeof(finalcount)); |
|
353 +} |
|
354 + |
|
355 +void |
|
356 +SHA256Final(uint8_t digest[SHA256_DIGEST_LENGTH], SHA2_CTX *ctx) |
|
357 +{ |
|
358 + SHA256Pad(ctx); |
|
359 + if (digest != NULL) { |
|
360 +#if BYTE_ORDER == BIG_ENDIAN |
|
361 + memcpy(digest, ctx->state.st32, SHA256_DIGEST_LENGTH); |
|
362 +#else |
|
363 + unsigned int i; |
|
364 + |
|
365 + for (i = 0; i < 8; i++) |
|
366 + BE32TO8(digest + (i * 4), ctx->state.st32[i]); |
|
367 +#endif |
|
368 + memset(ctx, 0, sizeof(*ctx)); |
|
369 + } |
|
370 +} |
|
371 + |
|
372 +void |
|
373 +SHA384Init(SHA2_CTX *ctx) |
|
374 +{ |
|
375 + memset(ctx, 0, sizeof(*ctx)); |
|
376 + ctx->state.st64[0] = 0xcbbb9d5dc1059ed8ULL; |
|
377 + ctx->state.st64[1] = 0x629a292a367cd507ULL; |
|
378 + ctx->state.st64[2] = 0x9159015a3070dd17ULL; |
|
379 + ctx->state.st64[3] = 0x152fecd8f70e5939ULL; |
|
380 + ctx->state.st64[4] = 0x67332667ffc00b31ULL; |
|
381 + ctx->state.st64[5] = 0x8eb44a8768581511ULL; |
|
382 + ctx->state.st64[6] = 0xdb0c2e0d64f98fa7ULL; |
|
383 + ctx->state.st64[7] = 0x47b5481dbefa4fa4ULL; |
|
384 +} |
|
385 + |
|
386 +void |
|
387 +SHA384Transform(uint64_t state[8], const uint8_t data[SHA384_BLOCK_LENGTH]) |
|
388 +{ |
|
389 + SHA512Transform(state, data); |
|
390 +} |
|
391 + |
|
392 +void |
|
393 +SHA384Update(SHA2_CTX *ctx, const uint8_t *data, size_t len) |
|
394 +{ |
|
395 + SHA512Update(ctx, data, len); |
|
396 +} |
|
397 + |
|
398 +void |
|
399 +SHA384Pad(SHA2_CTX *ctx) |
|
400 +{ |
|
401 + SHA512Pad(ctx); |
|
402 +} |
|
403 + |
|
404 +void |
|
405 +SHA384Final(uint8_t digest[SHA384_DIGEST_LENGTH], SHA2_CTX *ctx) |
|
406 +{ |
|
407 + SHA384Pad(ctx); |
|
408 + if (digest != NULL) { |
|
409 +#if BYTE_ORDER == BIG_ENDIAN |
|
410 + memcpy(digest, ctx->state.st64, SHA384_DIGEST_LENGTH); |
|
411 +#else |
|
412 + unsigned int i; |
|
413 + |
|
414 + for (i = 0; i < 6; i++) |
|
415 + BE64TO8(digest + (i * 8), ctx->state.st64[i]); |
|
416 +#endif |
|
417 + memset(ctx, 0, sizeof(*ctx)); |
|
418 + } |
|
419 +} |
|
420 + |
|
421 +static const uint64_t SHA512_K[80] = { |
|
422 + 0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL, |
|
423 + 0xb5c0fbcfec4d3b2fULL, 0xe9b5dba58189dbbcULL, |
|
424 + 0x3956c25bf348b538ULL, 0x59f111f1b605d019ULL, |
|
425 + 0x923f82a4af194f9bULL, 0xab1c5ed5da6d8118ULL, |
|
426 + 0xd807aa98a3030242ULL, 0x12835b0145706fbeULL, |
|
427 + 0x243185be4ee4b28cULL, 0x550c7dc3d5ffb4e2ULL, |
|
428 + 0x72be5d74f27b896fULL, 0x80deb1fe3b1696b1ULL, |
|
429 + 0x9bdc06a725c71235ULL, 0xc19bf174cf692694ULL, |
|
430 + 0xe49b69c19ef14ad2ULL, 0xefbe4786384f25e3ULL, |
|
431 + 0x0fc19dc68b8cd5b5ULL, 0x240ca1cc77ac9c65ULL, |
|
432 + 0x2de92c6f592b0275ULL, 0x4a7484aa6ea6e483ULL, |
|
433 + 0x5cb0a9dcbd41fbd4ULL, 0x76f988da831153b5ULL, |
|
434 + 0x983e5152ee66dfabULL, 0xa831c66d2db43210ULL, |
|
435 + 0xb00327c898fb213fULL, 0xbf597fc7beef0ee4ULL, |
|
436 + 0xc6e00bf33da88fc2ULL, 0xd5a79147930aa725ULL, |
|
437 + 0x06ca6351e003826fULL, 0x142929670a0e6e70ULL, |
|
438 + 0x27b70a8546d22ffcULL, 0x2e1b21385c26c926ULL, |
|
439 + 0x4d2c6dfc5ac42aedULL, 0x53380d139d95b3dfULL, |
|
440 + 0x650a73548baf63deULL, 0x766a0abb3c77b2a8ULL, |
|
441 + 0x81c2c92e47edaee6ULL, 0x92722c851482353bULL, |
|
442 + 0xa2bfe8a14cf10364ULL, 0xa81a664bbc423001ULL, |
|
443 + 0xc24b8b70d0f89791ULL, 0xc76c51a30654be30ULL, |
|
444 + 0xd192e819d6ef5218ULL, 0xd69906245565a910ULL, |
|
445 + 0xf40e35855771202aULL, 0x106aa07032bbd1b8ULL, |
|
446 + 0x19a4c116b8d2d0c8ULL, 0x1e376c085141ab53ULL, |
|
447 + 0x2748774cdf8eeb99ULL, 0x34b0bcb5e19b48a8ULL, |
|
448 + 0x391c0cb3c5c95a63ULL, 0x4ed8aa4ae3418acbULL, |
|
449 + 0x5b9cca4f7763e373ULL, 0x682e6ff3d6b2b8a3ULL, |
|
450 + 0x748f82ee5defb2fcULL, 0x78a5636f43172f60ULL, |
|
451 + 0x84c87814a1f0ab72ULL, 0x8cc702081a6439ecULL, |
|
452 + 0x90befffa23631e28ULL, 0xa4506cebde82bde9ULL, |
|
453 + 0xbef9a3f7b2c67915ULL, 0xc67178f2e372532bULL, |
|
454 + 0xca273eceea26619cULL, 0xd186b8c721c0c207ULL, |
|
455 + 0xeada7dd6cde0eb1eULL, 0xf57d4f7fee6ed178ULL, |
|
456 + 0x06f067aa72176fbaULL, 0x0a637dc5a2c898a6ULL, |
|
457 + 0x113f9804bef90daeULL, 0x1b710b35131c471bULL, |
|
458 + 0x28db77f523047d84ULL, 0x32caab7b40c72493ULL, |
|
459 + 0x3c9ebe0a15c9bebcULL, 0x431d67c49c100d4cULL, |
|
460 + 0x4cc5d4becb3e42b6ULL, 0x597f299cfc657e2aULL, |
|
461 + 0x5fcb6fab3ad6faecULL, 0x6c44198c4a475817ULL |
|
462 +}; |
|
463 + |
|
464 +void |
|
465 +SHA512Init(SHA2_CTX *ctx) |
|
466 +{ |
|
467 + memset(ctx, 0, sizeof(*ctx)); |
|
468 + ctx->state.st64[0] = 0x6a09e667f3bcc908ULL; |
|
469 + ctx->state.st64[1] = 0xbb67ae8584caa73bULL; |
|
470 + ctx->state.st64[2] = 0x3c6ef372fe94f82bULL; |
|
471 + ctx->state.st64[3] = 0xa54ff53a5f1d36f1ULL; |
|
472 + ctx->state.st64[4] = 0x510e527fade682d1ULL; |
|
473 + ctx->state.st64[5] = 0x9b05688c2b3e6c1fULL; |
|
474 + ctx->state.st64[6] = 0x1f83d9abfb41bd6bULL; |
|
475 + ctx->state.st64[7] = 0x5be0cd19137e2179ULL; |
|
476 +} |
|
477 + |
|
478 +/* Round macros for SHA512 */ |
|
479 +#define R(i) do { \ |
|
480 + h(i)+=S1(e(i))+Ch(e(i),f(i),g(i))+SHA512_K[i+j]+(j?blk2(i):blk0(i)); \ |
|
481 + d(i)+=h(i); \ |
|
482 + h(i)+=S0(a(i))+Maj(a(i),b(i),c(i)); \ |
|
483 +} while (0) |
|
484 + |
|
485 +#define S0(x) (rotrFixed(x,28)^rotrFixed(x,34)^rotrFixed(x,39)) |
|
486 +#define S1(x) (rotrFixed(x,14)^rotrFixed(x,18)^rotrFixed(x,41)) |
|
487 +#define s0(x) (rotrFixed(x,1)^rotrFixed(x,8)^(x>>7)) |
|
488 +#define s1(x) (rotrFixed(x,19)^rotrFixed(x,61)^(x>>6)) |
|
489 + |
|
490 +void |
|
491 +SHA512Transform(uint64_t state[8], const uint8_t data[SHA512_BLOCK_LENGTH]) |
|
492 +{ |
|
493 + uint64_t W[16]; |
|
494 + uint64_t T[8]; |
|
495 + unsigned int j; |
|
496 + |
|
497 + /* Copy context state to working vars. */ |
|
498 + memcpy(T, state, sizeof(T)); |
|
499 + /* Copy data to W in big endian format. */ |
|
500 +#if BYTE_ORDER == BIG_ENDIAN |
|
501 + memcpy(W, data, sizeof(W)); |
|
502 +#else |
|
503 + for (j = 0; j < 16; j++) { |
|
504 + BE8TO64(W[j], data); |
|
505 + data += 8; |
|
506 + } |
|
507 +#endif |
|
508 + /* 80 operations, partially loop unrolled. */ |
|
509 + for (j = 0; j < 80; j += 16) |
|
510 + { |
|
511 + R( 0); R( 1); R( 2); R( 3); |
|
512 + R( 4); R( 5); R( 6); R( 7); |
|
513 + R( 8); R( 9); R(10); R(11); |
|
514 + R(12); R(13); R(14); R(15); |
|
515 + } |
|
516 + /* Add the working vars back into context state. */ |
|
517 + state[0] += a(0); |
|
518 + state[1] += b(0); |
|
519 + state[2] += c(0); |
|
520 + state[3] += d(0); |
|
521 + state[4] += e(0); |
|
522 + state[5] += f(0); |
|
523 + state[6] += g(0); |
|
524 + state[7] += h(0); |
|
525 + /* Cleanup. */ |
|
526 + memset_s(T, sizeof(T), 0, sizeof(T)); |
|
527 + memset_s(W, sizeof(W), 0, sizeof(W)); |
|
528 +} |
|
529 + |
|
530 +void |
|
531 +SHA512Update(SHA2_CTX *ctx, const uint8_t *data, size_t len) |
|
532 +{ |
|
533 + size_t i = 0, j; |
|
534 + |
|
535 + j = (size_t)((ctx->count[0] >> 3) & (SHA512_BLOCK_LENGTH - 1)); |
|
536 + ctx->count[0] += (len << 3); |
|
537 + if (ctx->count[0] < (len << 3)) |
|
538 + ctx->count[1]++; |
|
539 + if ((j + len) > SHA512_BLOCK_LENGTH - 1) { |
|
540 + memcpy(&ctx->buffer[j], data, (i = SHA512_BLOCK_LENGTH - j)); |
|
541 + SHA512Transform(ctx->state.st64, ctx->buffer); |
|
542 + for ( ; i + SHA512_BLOCK_LENGTH - 1 < len; i += SHA512_BLOCK_LENGTH) |
|
543 + SHA512Transform(ctx->state.st64, (uint8_t *)&data[i]); |
|
544 + j = 0; |
|
545 + } |
|
546 + memcpy(&ctx->buffer[j], &data[i], len - i); |
|
547 +} |
|
548 + |
|
549 +void |
|
550 +SHA512Pad(SHA2_CTX *ctx) |
|
551 +{ |
|
552 + uint8_t finalcount[16]; |
|
553 + |
|
554 + /* Store unpadded message length in bits in big endian format. */ |
|
555 + BE64TO8(finalcount, ctx->count[1]); |
|
556 + BE64TO8(finalcount + 8, ctx->count[0]); |
|
557 + |
|
558 + /* Append a '1' bit (0x80) to the message. */ |
|
559 + SHA512Update(ctx, (uint8_t *)"\200", 1); |
|
560 + |
|
561 + /* Pad message such that the resulting length modulo 1024 is 896. */ |
|
562 + while ((ctx->count[0] & 1008) != 896) |
|
563 + SHA512Update(ctx, (uint8_t *)"\0", 1); |
|
564 + |
|
565 + /* Append length of message in bits and do final SHA512Transform(). */ |
|
566 + SHA512Update(ctx, finalcount, sizeof(finalcount)); |
|
567 +} |
|
568 + |
|
569 +void |
|
570 +SHA512Final(uint8_t digest[SHA512_DIGEST_LENGTH], SHA2_CTX *ctx) |
|
571 +{ |
|
572 + SHA512Pad(ctx); |
|
573 + if (digest != NULL) { |
|
574 +#if BYTE_ORDER == BIG_ENDIAN |
|
575 + memcpy(digest, ctx->state.st64, SHA512_DIGEST_LENGTH); |
|
576 +#else |
|
577 + unsigned int i; |
|
578 + |
|
579 + for (i = 0; i < 8; i++) |
|
580 + BE64TO8(digest + (i * 8), ctx->state.st64[i]); |
|
581 +#endif |
|
582 + memset(ctx, 0, sizeof(*ctx)); |
|
583 + } |
|
584 +} |
|
585 diff -urN sudo-1.8.9p5.old/compat/sha2.h sudo-1.8.9p5/compat/sha2.h |
|
586 --- sudo-1.8.9p5.old/compat/sha2.h 1970-01-01 01:00:00.000000000 +0100 |
|
587 +++ sudo-1.8.9p5/compat/sha2.h 2014-04-10 15:20:34.448517327 +0200 |
|
588 @@ -0,0 +1,74 @@ |
|
589 +/* |
|
590 + * Copyright (c) 2013 Todd C. Miller <[email protected]> |
|
591 + * |
|
592 + * Permission to use, copy, modify, and distribute this software for any |
|
593 + * purpose with or without fee is hereby granted, provided that the above |
|
594 + * copyright notice and this permission notice appear in all copies. |
|
595 + * |
|
596 + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES |
|
597 + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF |
|
598 + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR |
|
599 + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES |
|
600 + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN |
|
601 + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF |
|
602 + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
|
603 + */ |
|
604 + |
|
605 +/* |
|
606 + * Derived from the public domain SHA-1 and SHA-2 implementations |
|
607 + * by Steve Reid and Wei Dai respectively. |
|
608 + */ |
|
609 + |
|
610 +#ifndef _SUDOERS_SHA2_H |
|
611 +#define _SUDOERS_SHA2_H |
|
612 + |
|
613 +#define SHA224_BLOCK_LENGTH 64 |
|
614 +#define SHA224_DIGEST_LENGTH 28 |
|
615 +#define SHA224_DIGEST_STRING_LENGTH (SHA224_DIGEST_LENGTH * 2 + 1) |
|
616 + |
|
617 +#define SHA256_BLOCK_LENGTH 64 |
|
618 +#define SHA256_DIGEST_LENGTH 32 |
|
619 +#define SHA256_DIGEST_STRING_LENGTH (SHA256_DIGEST_LENGTH * 2 + 1) |
|
620 + |
|
621 +#define SHA384_BLOCK_LENGTH 128 |
|
622 +#define SHA384_DIGEST_LENGTH 48 |
|
623 +#define SHA384_DIGEST_STRING_LENGTH (SHA384_DIGEST_LENGTH * 2 + 1) |
|
624 + |
|
625 +#define SHA512_BLOCK_LENGTH 128 |
|
626 +#define SHA512_DIGEST_LENGTH 64 |
|
627 +#define SHA512_DIGEST_STRING_LENGTH (SHA512_DIGEST_LENGTH * 2 + 1) |
|
628 + |
|
629 +typedef struct { |
|
630 + union { |
|
631 + uint32_t st32[8]; /* sha224 and sha256 */ |
|
632 + uint64_t st64[8]; /* sha384 and sha512 */ |
|
633 + } state; |
|
634 + uint64_t count[2]; |
|
635 + uint8_t buffer[SHA512_BLOCK_LENGTH]; |
|
636 +} SHA2_CTX; |
|
637 + |
|
638 +void SHA224Init(SHA2_CTX *ctx); |
|
639 +void SHA224Pad(SHA2_CTX *ctx); |
|
640 +void SHA224Transform(uint32_t state[8], const uint8_t buffer[SHA224_BLOCK_LENGTH]); |
|
641 +void SHA224Update(SHA2_CTX *ctx, const uint8_t *data, size_t len); |
|
642 +void SHA224Final(uint8_t digest[SHA224_DIGEST_LENGTH], SHA2_CTX *ctx); |
|
643 + |
|
644 +void SHA256Init(SHA2_CTX *ctx); |
|
645 +void SHA256Pad(SHA2_CTX *ctx); |
|
646 +void SHA256Transform(uint32_t state[8], const uint8_t buffer[SHA256_BLOCK_LENGTH]); |
|
647 +void SHA256Update(SHA2_CTX *ctx, const uint8_t *data, size_t len); |
|
648 +void SHA256Final(uint8_t digest[SHA256_DIGEST_LENGTH], SHA2_CTX *ctx); |
|
649 + |
|
650 +void SHA384Init(SHA2_CTX *ctx); |
|
651 +void SHA384Pad(SHA2_CTX *ctx); |
|
652 +void SHA384Transform(uint64_t state[8], const uint8_t buffer[SHA384_BLOCK_LENGTH]); |
|
653 +void SHA384Update(SHA2_CTX *ctx, const uint8_t *data, size_t len); |
|
654 +void SHA384Final(uint8_t digest[SHA384_DIGEST_LENGTH], SHA2_CTX *ctx); |
|
655 + |
|
656 +void SHA512Init(SHA2_CTX *ctx); |
|
657 +void SHA512Pad(SHA2_CTX *ctx); |
|
658 +void SHA512Transform(uint64_t state[8], const uint8_t buffer[SHA512_BLOCK_LENGTH]); |
|
659 +void SHA512Update(SHA2_CTX *ctx, const uint8_t *data, size_t len); |
|
660 +void SHA512Final(uint8_t digest[SHA512_DIGEST_LENGTH], SHA2_CTX *ctx); |
|
661 + |
|
662 +#endif /* _SUDOERS_SHA2_H */ |
|
663 diff -urN sudo-1.8.9p5.old/config.h.in sudo-1.8.9p5/config.h.in |
|
664 --- sudo-1.8.9p5.old/config.h.in 2014-04-10 15:19:56.000000000 +0200 |
|
665 +++ sudo-1.8.9p5/config.h.in 2014-04-10 15:20:34.449144378 +0200 |
|
666 @@ -521,6 +521,9 @@ |
|
667 /* Define to 1 if you have the `set_auth_parameters' function. */ |
|
668 #undef HAVE_SET_AUTH_PARAMETERS |
|
669 |
|
670 +/* Define to 1 if you have the `SHA224Update' function. */ |
|
671 +#undef HAVE_SHA224UPDATE |
|
672 + |
|
673 /* Define to 1 if you have the `shl_load' function. */ |
|
674 #undef HAVE_SHL_LOAD |
|
675 |
|
676 @@ -983,6 +989,10 @@ |
|
677 /* Define to 1 to send mail when the user is not in the sudoers file. */ |
|
678 #undef SEND_MAIL_WHEN_NO_USER |
|
679 |
|
680 +/* Define to 1 if the sha2 functions use `const void *' instead of `const |
|
681 + unsigned char'. */ |
|
682 +#undef SHA2_VOID_PTR |
|
683 + |
|
684 /* Define to 1 if you want sudo to start a shell if given no arguments. */ |
|
685 #undef SHELL_IF_NO_ARGS |
|
686 |
|
687 diff -urN sudo-1.8.9p5.old/configure.ac sudo-1.8.9p5/configure.ac |
|
688 --- sudo-1.8.9p5.old/configure.ac 2014-04-10 15:19:47.156138496 +0200 |
|
689 +++ sudo-1.8.9p5/configure.ac 2014-04-10 15:20:34.458422206 +0200 |
|
690 @@ -77,6 +77,7 @@ |
|
691 AC_SUBST([LIBDL]) |
|
692 AC_SUBST([LT_STATIC]) |
|
693 AC_SUBST([LIBINTL]) |
|
694 +AC_SUBST([LIBMD]) |
|
695 AC_SUBST([SUDO_NLS]) |
|
696 AC_SUBST([LOCALEDIR_SUFFIX]) |
|
697 AC_SUBST([COMPAT_TEST_PROGS]) |
|
698 @@ -194,6 +195,7 @@ |
|
699 PSMAN=0 |
|
700 SEMAN=0 |
|
701 LIBINTL= |
|
702 +LIBMD= |
|
703 ZLIB= |
|
704 ZLIB_SRC= |
|
705 AUTH_OBJS= |
|
706 @@ -2445,6 +2447,16 @@ |
|
707 [AC_CHECK_MEMBER([struct stat.st_mtim.st__tim], AC_DEFINE(HAVE_ST__TIM))], |
|
708 [AC_CHECK_MEMBER([struct stat.st_mtimespec], AC_DEFINE([HAVE_ST_MTIMESPEC]))]) |
|
709 fi |
|
710 +AC_CHECK_HEADER([sha2.h], [ |
|
711 + AC_CHECK_FUNCS(SHA224Update, [SUDO_FUNC_SHA2_VOID_PTR], [ |
|
712 + # On some systems, SHA224Update is in libmd |
|
713 + AC_CHECK_LIB(md, SHA224Update, [ |
|
714 + AC_DEFINE(HAVE_SHA224UPDATE) |
|
715 + SUDO_FUNC_SHA2_VOID_PTR |
|
716 + LIBMD="-lmd" |
|
717 + ], [AC_LIBOBJ(sha2)]) |
|
718 + ]) |
|
719 +], [AC_LIBOBJ(sha2)]) |
|
720 dnl |
|
721 dnl Function checks for sudo_noexec |
|
722 dnl |
|
723 diff -urN sudo-1.8.9p5.old/MANIFEST sudo-1.8.9p5/MANIFEST |
|
724 --- sudo-1.8.9p5.old/MANIFEST 2014-04-10 15:19:47.157886371 +0200 |
|
725 +++ sudo-1.8.9p5/MANIFEST 2014-04-10 15:20:58.300108720 +0200 |
|
726 @@ -88,6 +88,8 @@ |
|
727 compat/regress/glob/files |
|
728 compat/regress/glob/globtest.c |
|
729 compat/regress/glob/globtest.in |
|
730 +compat/sha2.c |
|
731 +compat/sha2.h |
|
732 compat/sig2str.c |
|
733 compat/siglist.in |
|
734 compat/snprintf.c |
|
735 @@ -367,8 +369,6 @@ |
|
736 plugins/sudoers/regress/visudo/test5.out.ok |
|
737 plugins/sudoers/regress/visudo/test5.sh |
|
738 plugins/sudoers/set_perms.c |
|
739 -plugins/sudoers/sha2.c |
|
740 -plugins/sudoers/sha2.h |
|
741 plugins/sudoers/solaris_audit.c |
|
742 plugins/sudoers/solaris_audit.h |
|
743 plugins/sudoers/sssd.c |
|
744 diff -urN sudo-1.8.9p5.old/m4/sudo.m4 sudo-1.8.9p5/m4/sudo.m4 |
|
745 --- sudo-1.8.9p5.old/m4/sudo.m4 2014-01-07 19:08:52.000000000 +0100 |
|
746 +++ sudo-1.8.9p5/m4/sudo.m4 2014-04-10 15:20:34.458820769 +0200 |
|
747 @@ -264,6 +264,24 @@ |
|
748 ]) |
|
749 |
|
750 dnl |
|
751 +dnl Check if the data argument for the sha2 functions is void * or u_char * |
|
752 +dnl |
|
753 +AC_DEFUN([SUDO_FUNC_SHA2_VOID_PTR], |
|
754 +[AC_CACHE_CHECK([whether the data argument of SHA224Update() is void *], |
|
755 +sudo_cv_func_sha2_void_ptr, |
|
756 +[AC_COMPILE_IFELSE([AC_LANG_PROGRAM([AC_INCLUDES_DEFAULT |
|
757 +#include <sha2.h> |
|
758 +void SHA224Update(SHA2_CTX *context, const void *data, size_t len) {return;}], [])], |
|
759 + [sudo_cv_func_sha2_void_ptr=yes], |
|
760 + [sudo_cv_func_sha2_void_ptr=no]) |
|
761 + ]) |
|
762 + if test $sudo_cv_func_sha2_void_ptr = yes; then |
|
763 + AC_DEFINE(SHA2_VOID_PTR, 1, |
|
764 + [Define to 1 if the sha2 functions use `const void *' instead of `const unsigned char'.]) |
|
765 + fi |
|
766 +]) |
|
767 + |
|
768 +dnl |
|
769 dnl check for sa_len field in struct sockaddr |
|
770 dnl |
|
771 AC_DEFUN([SUDO_SOCK_SA_LEN], [ |
|
772 diff -urN sudo-1.8.9p5.old/plugins/sudoers/gram.c sudo-1.8.9p5/plugins/sudoers/gram.c |
|
773 --- sudo-1.8.9p5.old/plugins/sudoers/gram.c 2014-01-07 19:08:53.000000000 +0100 |
|
774 +++ sudo-1.8.9p5/plugins/sudoers/gram.c 2014-04-10 15:20:34.460695182 +0200 |
|
775 @@ -179,10 +179,10 @@ |
|
776 #define PRIVS 289 |
|
777 #define LIMITPRIVS 290 |
|
778 #define MYSELF 291 |
|
779 -#define SHA224 292 |
|
780 -#define SHA256 293 |
|
781 -#define SHA384 294 |
|
782 -#define SHA512 295 |
|
783 +#define SHA224_TOK 292 |
|
784 +#define SHA256_TOK 293 |
|
785 +#define SHA384_TOK 294 |
|
786 +#define SHA512_TOK 295 |
|
787 #define YYERRCODE 256 |
|
788 #if defined(__cplusplus) || defined(__STDC__) |
|
789 const short sudoerslhs[] = |
|
790 @@ -550,7 +550,7 @@ |
|
791 "NOPASSWD","PASSWD","NOEXEC","EXEC","SETENV","NOSETENV","LOG_INPUT", |
|
792 "NOLOG_INPUT","LOG_OUTPUT","NOLOG_OUTPUT","ALL","COMMENT","HOSTALIAS", |
|
793 "CMNDALIAS","USERALIAS","RUNASALIAS","ERROR","TYPE","ROLE","PRIVS","LIMITPRIVS", |
|
794 -"MYSELF","SHA224","SHA256","SHA384","SHA512", |
|
795 +"MYSELF","SHA224_TOK","SHA256_TOK","SHA384_TOK","SHA512_TOK", |
|
796 }; |
|
797 #if defined(__cplusplus) || defined(__STDC__) |
|
798 const char * const sudoersrule[] = |
|
799 @@ -594,10 +594,10 @@ |
|
800 "cmndspeclist : cmndspec", |
|
801 "cmndspeclist : cmndspeclist ',' cmndspec", |
|
802 "cmndspec : runasspec selinux solarisprivs cmndtag digcmnd", |
|
803 -"digest : SHA224 ':' DIGEST", |
|
804 -"digest : SHA256 ':' DIGEST", |
|
805 -"digest : SHA384 ':' DIGEST", |
|
806 -"digest : SHA512 ':' DIGEST", |
|
807 +"digest : SHA224_TOK ':' DIGEST", |
|
808 +"digest : SHA256_TOK ':' DIGEST", |
|
809 +"digest : SHA384_TOK ':' DIGEST", |
|
810 +"digest : SHA512_TOK ':' DIGEST", |
|
811 "digcmnd : opcmnd", |
|
812 "digcmnd : digest opcmnd", |
|
813 "opcmnd : cmnd", |
|
814 @@ -1089,12 +1089,12 @@ |
|
815 goto yyreduce; |
|
816 } |
|
817 if (yyerrflag) goto yyinrecovery; |
|
818 -#if defined(lint) || defined(__GNUC__) |
|
819 +#if defined(__GNUC__) |
|
820 goto yynewerror; |
|
821 #endif |
|
822 yynewerror: |
|
823 yyerror("syntax error"); |
|
824 -#if defined(lint) || defined(__GNUC__) |
|
825 +#if defined(__GNUC__) |
|
826 goto yyerrlab; |
|
827 #endif |
|
828 yyerrlab: |
|
829 diff -urN sudo-1.8.9p5.old/plugins/sudoers/gram.h sudo-1.8.9p5/plugins/sudoers/gram.h |
|
830 --- sudo-1.8.9p5.old/plugins/sudoers/gram.h 2014-01-07 19:08:53.000000000 +0100 |
|
831 +++ sudo-1.8.9p5/plugins/sudoers/gram.h 2014-04-10 15:20:34.461102773 +0200 |
|
832 @@ -33,10 +33,10 @@ |
|
833 #define PRIVS 289 |
|
834 #define LIMITPRIVS 290 |
|
835 #define MYSELF 291 |
|
836 -#define SHA224 292 |
|
837 -#define SHA256 293 |
|
838 -#define SHA384 294 |
|
839 -#define SHA512 295 |
|
840 +#define SHA224_TOK 292 |
|
841 +#define SHA256_TOK 293 |
|
842 +#define SHA384_TOK 294 |
|
843 +#define SHA512_TOK 295 |
|
844 #ifndef YYSTYPE_DEFINED |
|
845 #define YYSTYPE_DEFINED |
|
846 typedef union { |
|
847 diff -urN sudo-1.8.9p5.old/plugins/sudoers/gram.y sudo-1.8.9p5/plugins/sudoers/gram.y |
|
848 --- sudo-1.8.9p5.old/plugins/sudoers/gram.y 2014-01-07 19:08:53.000000000 +0100 |
|
849 +++ sudo-1.8.9p5/plugins/sudoers/gram.y 2014-04-10 15:20:34.461582432 +0200 |
|
850 @@ -142,10 +142,10 @@ |
|
851 %token <tok> PRIVS /* Solaris privileges */ |
|
852 %token <tok> LIMITPRIVS /* Solaris limit privileges */ |
|
853 %token <tok> MYSELF /* run as myself, not another user */ |
|
854 -%token <tok> SHA224 /* sha224 digest */ |
|
855 -%token <tok> SHA256 /* sha256 digest */ |
|
856 -%token <tok> SHA384 /* sha384 digest */ |
|
857 -%token <tok> SHA512 /* sha512 digest */ |
|
858 +%token <tok> SHA224_TOK /* sha224 token */ |
|
859 +%token <tok> SHA256_TOK /* sha256 token */ |
|
860 +%token <tok> SHA384_TOK /* sha384 token */ |
|
861 +%token <tok> SHA512_TOK /* sha512 token */ |
|
862 |
|
863 %type <cmndspec> cmndspec |
|
864 %type <cmndspec> cmndspeclist |
|
865 @@ -370,16 +370,16 @@ |
|
866 } |
|
867 ; |
|
868 |
|
869 -digest : SHA224 ':' DIGEST { |
|
870 +digest : SHA224_TOK ':' DIGEST { |
|
871 $$ = new_digest(SUDO_DIGEST_SHA224, $3); |
|
872 } |
|
873 - | SHA256 ':' DIGEST { |
|
874 + | SHA256_TOK ':' DIGEST { |
|
875 $$ = new_digest(SUDO_DIGEST_SHA256, $3); |
|
876 } |
|
877 - | SHA384 ':' DIGEST { |
|
878 + | SHA384_TOK ':' DIGEST { |
|
879 $$ = new_digest(SUDO_DIGEST_SHA384, $3); |
|
880 } |
|
881 - | SHA512 ':' DIGEST { |
|
882 + | SHA512_TOK ':' DIGEST { |
|
883 $$ = new_digest(SUDO_DIGEST_SHA512, $3); |
|
884 } |
|
885 ; |
|
886 diff -urN sudo-1.8.9p5.old/plugins/sudoers/Makefile.in sudo-1.8.9p5/plugins/sudoers/Makefile.in |
|
887 --- sudo-1.8.9p5.old/plugins/sudoers/Makefile.in 2014-04-10 15:19:47.160183439 +0200 |
|
888 +++ sudo-1.8.9p5/plugins/sudoers/Makefile.in 2014-04-10 15:20:34.459914018 +0200 |
|
889 @@ -49,8 +49,10 @@ |
|
890 LT_LIBS = $(top_builddir)/common/libsudo_util.la $(LIBOBJDIR)libreplace.la |
|
891 LIBS = $(LT_LIBS) @LIBINTL@ |
|
892 NET_LIBS = @NET_LIBS@ |
|
893 -SUDOERS_LIBS = @SUDOERS_LIBS@ @AFS_LIBS@ @GETGROUPS_LIB@ $(LIBS) $(NET_LIBS) @ZLIB@ @LIBDL@ |
|
894 +SUDOERS_LIBS = @SUDOERS_LIBS@ @AFS_LIBS@ @GETGROUPS_LIB@ $(LIBS) $(NET_LIBS) @ZLIB@ @LIBMD@ @LIBDL@ |
|
895 REPLAY_LIBS = @REPLAY_LIBS@ @ZLIB@ |
|
896 +VISUDO_LIBS = $(NET_LIBS) @LIBMD@ |
|
897 +TESTSUDOERS_LIBS = $(NET_LIBS) @LIBMD@ @LIBDL@ |
|
898 |
|
899 # C preprocessor flags |
|
900 CPPFLAGS = -I$(incdir) -I$(top_builddir) -I$(devdir) -I$(srcdir) -I$(top_srcdir) -DLIBDIR=\"$(libdir)\" @CPPFLAGS@ |
|
901 @@ -130,7 +132,7 @@ |
|
902 |
|
903 LIBPARSESUDOERS_OBJS = alias.lo audit.lo base64.lo defaults.lo hexchar.lo \ |
|
904 gram.lo match.lo match_addr.lo pwutil.lo pwutil_impl.lo \ |
|
905 - timestr.lo toke.lo toke_util.lo redblack.lo sha2.lo |
|
906 + timestr.lo toke.lo toke_util.lo redblack.lo |
|
907 |
|
908 SUDOERS_OBJS = $(AUTH_OBJS) boottime.lo check.lo env.lo find_path.lo \ |
|
909 goodpath.lo group_plugin.lo interfaces.lo iolog.lo \ |
|
910 @@ -149,7 +151,7 @@ |
|
911 |
|
912 CHECK_BASE64_OBJS = check_base64.o base64.o locale.o |
|
913 |
|
914 -CHECK_DIGEST_OBJS = check_digest.o sha2.o |
|
915 +CHECK_DIGEST_OBJS = check_digest.o |
|
916 |
|
917 CHECK_FILL_OBJS = check_fill.o hexchar.o locale.o toke_util.o |
|
918 |
|
919 @@ -196,13 +198,13 @@ |
|
920 $(LIBTOOL) @LT_STATIC@ --mode=link $(CC) $(LDFLAGS) $(LT_LDFLAGS) -o $@ $(SUDOERS_OBJS) libparsesudoers.la $(SUDOERS_LIBS) -module -avoid-version -rpath $(plugindir) |
|
921 |
|
922 visudo: libparsesudoers.la $(VISUDO_OBJS) $(LT_LIBS) |
|
923 - $(LIBTOOL) --mode=link $(CC) -o $@ $(VISUDO_OBJS) $(LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) libparsesudoers.la $(LIBS) $(NET_LIBS) |
|
924 + $(LIBTOOL) --mode=link $(CC) -o $@ $(VISUDO_OBJS) $(LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) libparsesudoers.la $(VISUDO_LIBS) $(LIBS) |
|
925 |
|
926 sudoreplay: timestr.lo $(REPLAY_OBJS) $(LT_LIBS) |
|
927 $(LIBTOOL) --mode=link $(CC) -o $@ $(REPLAY_OBJS) $(LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) timestr.lo $(REPLAY_LIBS) $(LIBS) |
|
928 |
|
929 testsudoers: libparsesudoers.la $(TEST_OBJS) $(LT_LIBS) |
|
930 - $(LIBTOOL) --mode=link $(CC) -o $@ $(TEST_OBJS) $(LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) libparsesudoers.la $(LIBS) $(NET_LIBS) @LIBDL@ |
|
931 + $(LIBTOOL) --mode=link $(CC) -o $@ $(TEST_OBJS) $(LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) libparsesudoers.la $(TESTSUDOERS_LIBS) $(LIBS) |
|
932 |
|
933 check_addr: $(CHECK_ADDR_OBJS) $(LT_LIBS) |
|
934 $(LIBTOOL) --mode=link $(CC) -o $@ $(CHECK_ADDR_OBJS) $(LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(LIBS) $(NET_LIBS) |
|
935 @@ -211,7 +213,7 @@ |
|
936 $(LIBTOOL) --mode=link $(CC) -o $@ $(CHECK_BASE64_OBJS) $(LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(LIBS) |
|
937 |
|
938 check_digest: $(CHECK_DIGEST_OBJS) $(LT_LIBS) |
|
939 - $(LIBTOOL) --mode=link $(CC) -o $@ $(CHECK_DIGEST_OBJS) $(LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(LIBS) |
|
940 + $(LIBTOOL) --mode=link $(CC) -o $@ $(CHECK_DIGEST_OBJS) $(LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(LIBS) @LIBMD@ |
|
941 |
|
942 check_fill: $(CHECK_FILL_OBJS) $(LT_LIBS) |
|
943 $(LIBTOOL) --mode=link $(CC) -o $@ $(CHECK_FILL_OBJS) $(LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(LIBS) |
|
944 @@ -501,12 +503,12 @@ |
|
945 $(top_builddir)/config.h |
|
946 $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/regress/parser/check_base64.c |
|
947 check_digest.o: $(srcdir)/regress/parser/check_digest.c $(incdir)/missing.h \ |
|
948 - $(srcdir)/sha2.h $(top_builddir)/config.h |
|
949 + $(top_builddir)/config.h |
|
950 $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/regress/parser/check_digest.c |
|
951 check_fill.o: $(srcdir)/regress/parser/check_fill.c $(devdir)/gram.h \ |
|
952 $(incdir)/missing.h $(incdir)/queue.h $(incdir)/sudo_plugin.h \ |
|
953 - $(srcdir)/parse.h $(srcdir)/toke.h $(top_builddir)/config.h \ |
|
954 - $(top_srcdir)/compat/stdbool.h |
|
955 + $(incdir)/sudo_util.h $(srcdir)/parse.h $(srcdir)/toke.h \ |
|
956 + $(top_builddir)/config.h $(top_srcdir)/compat/stdbool.h |
|
957 $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/regress/parser/check_fill.c |
|
958 check_iolog_path.o: $(srcdir)/regress/iolog_path/check_iolog_path.c \ |
|
959 $(devdir)/def_data.c $(devdir)/def_data.h \ |
|
960 @@ -607,8 +609,8 @@ |
|
961 $(top_builddir)/pathnames.h $(top_srcdir)/compat/stdbool.h |
|
962 $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/group_plugin.c |
|
963 group_plugin.o: group_plugin.lo |
|
964 -hexchar.lo: $(srcdir)/hexchar.c $(incdir)/fatal.h $(incdir)/missing.h \ |
|
965 - $(incdir)/sudo_debug.h $(top_builddir)/config.h |
|
966 +hexchar.lo: $(srcdir)/hexchar.c $(incdir)/missing.h $(incdir)/sudo_debug.h \ |
|
967 + $(top_builddir)/config.h |
|
968 $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/hexchar.c |
|
969 hexchar.o: hexchar.lo |
|
970 interfaces.lo: $(srcdir)/interfaces.c $(devdir)/def_data.h $(incdir)/alloc.h \ |
|
971 @@ -689,9 +691,9 @@ |
|
972 $(incdir)/gettext.h $(incdir)/missing.h $(incdir)/queue.h \ |
|
973 $(incdir)/sudo_debug.h $(incdir)/sudo_plugin.h $(incdir)/sudo_util.h \ |
|
974 $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ |
|
975 - $(srcdir)/sha2.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ |
|
976 - $(top_builddir)/config.h $(top_builddir)/pathnames.h \ |
|
977 - $(top_srcdir)/compat/fnmatch.h $(top_srcdir)/compat/glob.h \ |
|
978 + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h $(top_builddir)/config.h \ |
|
979 + $(top_builddir)/pathnames.h $(top_srcdir)/compat/fnmatch.h \ |
|
980 + $(top_srcdir)/compat/glob.h $(top_srcdir)/compat/sha2.h \ |
|
981 $(top_srcdir)/compat/stdbool.h |
|
982 $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/match.c |
|
983 match_addr.lo: $(srcdir)/match_addr.c $(devdir)/def_data.h $(incdir)/alloc.h \ |
|
984 @@ -806,10 +808,6 @@ |
|
985 $(srcdir)/sudoers.h $(top_builddir)/config.h \ |
|
986 $(top_builddir)/pathnames.h $(top_srcdir)/compat/stdbool.h |
|
987 $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/set_perms.c |
|
988 -sha2.lo: $(srcdir)/sha2.c $(incdir)/missing.h $(srcdir)/sha2.h \ |
|
989 - $(top_builddir)/config.h $(top_srcdir)/compat/endian.h |
|
990 - $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/sha2.c |
|
991 -sha2.o: sha2.lo |
|
992 sia.lo: $(authdir)/sia.c $(devdir)/def_data.h $(incdir)/alloc.h \ |
|
993 $(incdir)/fatal.h $(incdir)/fileops.h $(incdir)/gettext.h \ |
|
994 $(incdir)/missing.h $(incdir)/queue.h $(incdir)/sudo_debug.h \ |
|
995 @@ -891,9 +889,9 @@ |
|
996 $(incdir)/gettext.h $(incdir)/lbuf.h $(incdir)/missing.h \ |
|
997 $(incdir)/queue.h $(incdir)/secure_path.h $(incdir)/sudo_debug.h \ |
|
998 $(incdir)/sudo_plugin.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \ |
|
999 - $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sha2.h \ |
|
1000 - $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h $(srcdir)/toke.h \ |
|
1001 - $(top_builddir)/config.h $(top_builddir)/pathnames.h \ |
|
1002 + $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \ |
|
1003 + $(srcdir)/sudoers.h $(srcdir)/toke.h $(top_builddir)/config.h \ |
|
1004 + $(top_builddir)/pathnames.h $(top_srcdir)/compat/sha2.h \ |
|
1005 $(top_srcdir)/compat/stdbool.h |
|
1006 $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(devdir)/toke.c |
|
1007 toke_util.lo: $(srcdir)/toke_util.c $(devdir)/def_data.h $(devdir)/gram.h \ |
|
1008 diff -urN sudo-1.8.9p5.old/plugins/sudoers/match.c sudo-1.8.9p5/plugins/sudoers/match.c |
|
1009 --- sudo-1.8.9p5.old/plugins/sudoers/match.c 2014-01-07 19:08:54.000000000 +0100 |
|
1010 +++ sudo-1.8.9p5/plugins/sudoers/match.c 2014-04-10 15:21:59.050793404 +0200 |
|
1011 @@ -88,7 +88,11 @@ |
|
1012 |
|
1013 #include "sudoers.h" |
|
1014 #include "parse.h" |
|
1015 -#include "sha2.h" |
|
1016 +#ifdef HAVE_SHA224UPDATE |
|
1017 +# include <sha2.h> |
|
1018 +#else |
|
1019 +# include "compat/sha2.h" |
|
1020 +#endif |
|
1021 #include <gram.h> |
|
1022 |
|
1023 static struct member_list empty = TAILQ_HEAD_INITIALIZER(empty); |
|
1024 @@ -562,8 +566,13 @@ |
|
1025 const char *digest_name; |
|
1026 const unsigned int digest_len; |
|
1027 void (*init)(SHA2_CTX *); |
|
1028 +#ifdef SHA2_VOID_PTR |
|
1029 + void (*update)(SHA2_CTX *, const void *, size_t); |
|
1030 + void (*final)(void *, SHA2_CTX *); |
|
1031 +#else |
|
1032 void (*update)(SHA2_CTX *, const unsigned char *, size_t); |
|
1033 void (*final)(unsigned char *, SHA2_CTX *); |
|
1034 +#endif |
|
1035 } digest_functions[] = { |
|
1036 { |
|
1037 "SHA224", |
|
1038 diff -urN sudo-1.8.9p5.old/plugins/sudoers/regress/parser/check_digest.c sudo-1.8.9p5/plugins/sudoers/regress/parser/check_digest.c |
|
1039 --- sudo-1.8.9p5.old/plugins/sudoers/regress/parser/check_digest.c 2014-01-07 19:08:52.000000000 +0100 |
|
1040 +++ sudo-1.8.9p5/plugins/sudoers/regress/parser/check_digest.c 2014-04-10 15:20:34.462897872 +0200 |
|
1041 @@ -39,9 +39,13 @@ |
|
1042 #elif defined(HAVE_INTTYPES_H) |
|
1043 # include <inttypes.h> |
|
1044 #endif |
|
1045 +#ifdef HAVE_SHA224UPDATE |
|
1046 +# include <sha2.h> |
|
1047 +#else |
|
1048 +# include "compat/sha2.h" |
|
1049 +#endif |
|
1050 |
|
1051 #include "missing.h" |
|
1052 -#include "sha2.h" |
|
1053 |
|
1054 __dso_public int main(int argc, char *argv[]); |
|
1055 |
|
1056 @@ -49,8 +53,13 @@ |
|
1057 const char *digest_name; |
|
1058 const int digest_len; |
|
1059 void (*init)(SHA2_CTX *); |
|
1060 +#ifdef SHA2_VOID_PTR |
|
1061 + void (*update)(SHA2_CTX *, const void *, size_t); |
|
1062 + void (*final)(void *, SHA2_CTX *); |
|
1063 +#else |
|
1064 void (*update)(SHA2_CTX *, const unsigned char *, size_t); |
|
1065 void (*final)(unsigned char *, SHA2_CTX *); |
|
1066 +#endif |
|
1067 } digest_functions[] = { |
|
1068 { |
|
1069 "SHA224", |
|
1070 diff -urN sudo-1.8.9p5.old/plugins/sudoers/regress/sudoers/test14.toke.ok sudo-1.8.9p5/plugins/sudoers/regress/sudoers/test14.toke.ok |
|
1071 --- sudo-1.8.9p5.old/plugins/sudoers/regress/sudoers/test14.toke.ok 2014-01-07 19:08:52.000000000 +0100 |
|
1072 +++ sudo-1.8.9p5/plugins/sudoers/regress/sudoers/test14.toke.ok 2014-04-10 15:20:34.463272107 +0200 |
|
1073 @@ -1,4 +1,4 @@ |
|
1074 -CMNDALIAS ALIAS = SHA224 : DIGEST COMMAND |
|
1075 -CMNDALIAS ALIAS = SHA256 : DIGEST COMMAND |
|
1076 +CMNDALIAS ALIAS = SHA224_TOK : DIGEST COMMAND |
|
1077 +CMNDALIAS ALIAS = SHA256_TOK : DIGEST COMMAND |
|
1078 |
|
1079 -WORD(5) ALL = ALIAS , ALIAS , SHA512 : DIGEST COMMAND |
|
1080 +WORD(5) ALL = ALIAS , ALIAS , SHA512_TOK : DIGEST COMMAND |
|
1081 diff -urN sudo-1.8.9p5.old/plugins/sudoers/sha2.c sudo-1.8.9p5/plugins/sudoers/sha2.c |
|
1082 --- sudo-1.8.9p5.old/plugins/sudoers/sha2.c 2014-01-07 19:08:54.000000000 +0100 |
|
1083 +++ sudo-1.8.9p5/plugins/sudoers/sha2.c 1970-01-01 01:00:00.000000000 +0100 |
|
1084 @@ -1,526 +0,0 @@ |
|
1085 -/* |
|
1086 - * Copyright (c) 2013 Todd C. Miller <[email protected]> |
|
1087 - * |
|
1088 - * Permission to use, copy, modify, and distribute this software for any |
|
1089 - * purpose with or without fee is hereby granted, provided that the above |
|
1090 - * copyright notice and this permission notice appear in all copies. |
|
1091 - * |
|
1092 - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES |
|
1093 - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF |
|
1094 - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR |
|
1095 - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES |
|
1096 - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN |
|
1097 - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF |
|
1098 - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
|
1099 - */ |
|
1100 - |
|
1101 -/* |
|
1102 - * Implementation of SHA-224, SHA-256, SHA-384 and SHA-512 |
|
1103 - * as per FIPS 180-4: Secure Hash Standard (SHS) |
|
1104 - * http://csrc.nist.gov/publications/fips/fips180-4/fips-180-4.pdf |
|
1105 - * |
|
1106 - * Derived from the public domain SHA-1 and SHA-2 implementations |
|
1107 - * by Steve Reid and Wei Dai respectively. |
|
1108 - */ |
|
1109 - |
|
1110 -#include <config.h> |
|
1111 - |
|
1112 -#include <stdio.h> |
|
1113 -#ifdef STDC_HEADERS |
|
1114 -# include <stdlib.h> |
|
1115 -# include <stddef.h> |
|
1116 -#else |
|
1117 -# ifdef HAVE_STDLIB_H |
|
1118 -# include <stdlib.h> |
|
1119 -# endif |
|
1120 -#endif /* STDC_HEADERS */ |
|
1121 -#ifdef HAVE_STRING_H |
|
1122 -# if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS) |
|
1123 -# include <memory.h> |
|
1124 -# endif |
|
1125 -# include <string.h> |
|
1126 -#endif /* HAVE_STRING_H */ |
|
1127 -#ifdef HAVE_STRINGS_H |
|
1128 -# include <strings.h> |
|
1129 -#endif /* HAVE_STRINGS_H */ |
|
1130 -#if defined(HAVE_STDINT_H) |
|
1131 -# include <stdint.h> |
|
1132 -#elif defined(HAVE_INTTYPES_H) |
|
1133 -# include <inttypes.h> |
|
1134 -#endif |
|
1135 -#if defined(HAVE_ENDIAN_H) |
|
1136 -# include <endian.h> |
|
1137 -#elif defined(HAVE_SYS_ENDIAN_H) |
|
1138 -# include <sys/endian.h> |
|
1139 -#elif defined(HAVE_MACHINE_ENDIAN_H) |
|
1140 -# include <machine/endian.h> |
|
1141 -#else |
|
1142 -# include "compat/endian.h" |
|
1143 -#endif |
|
1144 - |
|
1145 -#include "missing.h" |
|
1146 -#include "sha2.h" |
|
1147 - |
|
1148 -/* |
|
1149 - * SHA-2 operates on 32-bit and 64-bit words in big endian byte order. |
|
1150 - * The following macros convert between character arrays and big endian words. |
|
1151 - */ |
|
1152 -#define BE8TO32(x, y) do { \ |
|
1153 - (x) = (((uint32_t)((y)[0] & 255) << 24) | \ |
|
1154 - ((uint32_t)((y)[1] & 255) << 16) | \ |
|
1155 - ((uint32_t)((y)[2] & 255) << 8) | \ |
|
1156 - ((uint32_t)((y)[3] & 255))); \ |
|
1157 -} while (0) |
|
1158 - |
|
1159 -#define BE8TO64(x, y) do { \ |
|
1160 - (x) = (((uint64_t)((y)[0] & 255) << 56) | \ |
|
1161 - ((uint64_t)((y)[1] & 255) << 48) | \ |
|
1162 - ((uint64_t)((y)[2] & 255) << 40) | \ |
|
1163 - ((uint64_t)((y)[3] & 255) << 32) | \ |
|
1164 - ((uint64_t)((y)[4] & 255) << 24) | \ |
|
1165 - ((uint64_t)((y)[5] & 255) << 16) | \ |
|
1166 - ((uint64_t)((y)[6] & 255) << 8) | \ |
|
1167 - ((uint64_t)((y)[7] & 255))); \ |
|
1168 -} while (0) |
|
1169 - |
|
1170 -#define BE32TO8(x, y) do { \ |
|
1171 - (x)[0] = (uint8_t)(((y) >> 24) & 255); \ |
|
1172 - (x)[1] = (uint8_t)(((y) >> 16) & 255); \ |
|
1173 - (x)[2] = (uint8_t)(((y) >> 8) & 255); \ |
|
1174 - (x)[3] = (uint8_t)((y) & 255); \ |
|
1175 -} while (0) |
|
1176 - |
|
1177 -#define BE64TO8(x, y) do { \ |
|
1178 - (x)[0] = (uint8_t)(((y) >> 56) & 255); \ |
|
1179 - (x)[1] = (uint8_t)(((y) >> 48) & 255); \ |
|
1180 - (x)[2] = (uint8_t)(((y) >> 40) & 255); \ |
|
1181 - (x)[3] = (uint8_t)(((y) >> 32) & 255); \ |
|
1182 - (x)[4] = (uint8_t)(((y) >> 24) & 255); \ |
|
1183 - (x)[5] = (uint8_t)(((y) >> 16) & 255); \ |
|
1184 - (x)[6] = (uint8_t)(((y) >> 8) & 255); \ |
|
1185 - (x)[7] = (uint8_t)((y) & 255); \ |
|
1186 -} while (0) |
|
1187 - |
|
1188 -#define rotrFixed(x,y) (y ? ((x>>y) | (x<<(sizeof(x)*8-y))) : x) |
|
1189 - |
|
1190 -#define blk0(i) (W[i]) |
|
1191 -#define blk2(i) (W[i&15]+=s1(W[(i-2)&15])+W[(i-7)&15]+s0(W[(i-15)&15])) |
|
1192 - |
|
1193 -#define Ch(x,y,z) (z^(x&(y^z))) |
|
1194 -#define Maj(x,y,z) (y^((x^y)&(y^z))) |
|
1195 - |
|
1196 -#define a(i) T[(0-i)&7] |
|
1197 -#define b(i) T[(1-i)&7] |
|
1198 -#define c(i) T[(2-i)&7] |
|
1199 -#define d(i) T[(3-i)&7] |
|
1200 -#define e(i) T[(4-i)&7] |
|
1201 -#define f(i) T[(5-i)&7] |
|
1202 -#define g(i) T[(6-i)&7] |
|
1203 -#define h(i) T[(7-i)&7] |
|
1204 - |
|
1205 -void |
|
1206 -SHA224Init(SHA2_CTX *ctx) |
|
1207 -{ |
|
1208 - memset(ctx, 0, sizeof(*ctx)); |
|
1209 - ctx->state.st32[0] = 0xc1059ed8UL; |
|
1210 - ctx->state.st32[1] = 0x367cd507UL; |
|
1211 - ctx->state.st32[2] = 0x3070dd17UL; |
|
1212 - ctx->state.st32[3] = 0xf70e5939UL; |
|
1213 - ctx->state.st32[4] = 0xffc00b31UL; |
|
1214 - ctx->state.st32[5] = 0x68581511UL; |
|
1215 - ctx->state.st32[6] = 0x64f98fa7UL; |
|
1216 - ctx->state.st32[7] = 0xbefa4fa4UL; |
|
1217 -} |
|
1218 - |
|
1219 -void |
|
1220 -SHA224Transform(uint32_t state[8], const uint8_t buffer[SHA224_BLOCK_LENGTH]) |
|
1221 -{ |
|
1222 - SHA256Transform(state, buffer); |
|
1223 -} |
|
1224 - |
|
1225 -void |
|
1226 -SHA224Update(SHA2_CTX *ctx, const uint8_t *data, size_t len) |
|
1227 -{ |
|
1228 - SHA256Update(ctx, data, len); |
|
1229 -} |
|
1230 - |
|
1231 -void |
|
1232 -SHA224Pad(SHA2_CTX *ctx) |
|
1233 -{ |
|
1234 - SHA256Pad(ctx); |
|
1235 -} |
|
1236 - |
|
1237 -void |
|
1238 -SHA224Final(uint8_t digest[SHA224_DIGEST_LENGTH], SHA2_CTX *ctx) |
|
1239 -{ |
|
1240 - SHA256Pad(ctx); |
|
1241 - if (digest != NULL) { |
|
1242 -#if BYTE_ORDER == BIG_ENDIAN |
|
1243 - memcpy(digest, ctx->state.st32, SHA224_DIGEST_LENGTH); |
|
1244 -#else |
|
1245 - unsigned int i; |
|
1246 - |
|
1247 - for (i = 0; i < 7; i++) |
|
1248 - BE32TO8(digest + (i * 4), ctx->state.st32[i]); |
|
1249 -#endif |
|
1250 - memset(ctx, 0, sizeof(*ctx)); |
|
1251 - } |
|
1252 -} |
|
1253 - |
|
1254 -static const uint32_t SHA256_K[64] = { |
|
1255 - 0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL, |
|
1256 - 0x3956c25bUL, 0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL, |
|
1257 - 0xd807aa98UL, 0x12835b01UL, 0x243185beUL, 0x550c7dc3UL, |
|
1258 - 0x72be5d74UL, 0x80deb1feUL, 0x9bdc06a7UL, 0xc19bf174UL, |
|
1259 - 0xe49b69c1UL, 0xefbe4786UL, 0x0fc19dc6UL, 0x240ca1ccUL, |
|
1260 - 0x2de92c6fUL, 0x4a7484aaUL, 0x5cb0a9dcUL, 0x76f988daUL, |
|
1261 - 0x983e5152UL, 0xa831c66dUL, 0xb00327c8UL, 0xbf597fc7UL, |
|
1262 - 0xc6e00bf3UL, 0xd5a79147UL, 0x06ca6351UL, 0x14292967UL, |
|
1263 - 0x27b70a85UL, 0x2e1b2138UL, 0x4d2c6dfcUL, 0x53380d13UL, |
|
1264 - 0x650a7354UL, 0x766a0abbUL, 0x81c2c92eUL, 0x92722c85UL, |
|
1265 - 0xa2bfe8a1UL, 0xa81a664bUL, 0xc24b8b70UL, 0xc76c51a3UL, |
|
1266 - 0xd192e819UL, 0xd6990624UL, 0xf40e3585UL, 0x106aa070UL, |
|
1267 - 0x19a4c116UL, 0x1e376c08UL, 0x2748774cUL, 0x34b0bcb5UL, |
|
1268 - 0x391c0cb3UL, 0x4ed8aa4aUL, 0x5b9cca4fUL, 0x682e6ff3UL, |
|
1269 - 0x748f82eeUL, 0x78a5636fUL, 0x84c87814UL, 0x8cc70208UL, |
|
1270 - 0x90befffaUL, 0xa4506cebUL, 0xbef9a3f7UL, 0xc67178f2UL |
|
1271 -}; |
|
1272 - |
|
1273 -void |
|
1274 -SHA256Init(SHA2_CTX *ctx) |
|
1275 -{ |
|
1276 - memset(ctx, 0, sizeof(*ctx)); |
|
1277 - ctx->state.st32[0] = 0x6a09e667UL; |
|
1278 - ctx->state.st32[1] = 0xbb67ae85UL; |
|
1279 - ctx->state.st32[2] = 0x3c6ef372UL; |
|
1280 - ctx->state.st32[3] = 0xa54ff53aUL; |
|
1281 - ctx->state.st32[4] = 0x510e527fUL; |
|
1282 - ctx->state.st32[5] = 0x9b05688cUL; |
|
1283 - ctx->state.st32[6] = 0x1f83d9abUL; |
|
1284 - ctx->state.st32[7] = 0x5be0cd19UL; |
|
1285 -} |
|
1286 - |
|
1287 -/* Round macros for SHA256 */ |
|
1288 -#define R(i) do { \ |
|
1289 - h(i)+=S1(e(i))+Ch(e(i),f(i),g(i))+SHA256_K[i+j]+(j?blk2(i):blk0(i)); \ |
|
1290 - d(i)+=h(i); \ |
|
1291 - h(i)+=S0(a(i))+Maj(a(i),b(i),c(i)); \ |
|
1292 -} while (0) |
|
1293 - |
|
1294 -#define S0(x) (rotrFixed(x,2)^rotrFixed(x,13)^rotrFixed(x,22)) |
|
1295 -#define S1(x) (rotrFixed(x,6)^rotrFixed(x,11)^rotrFixed(x,25)) |
|
1296 -#define s0(x) (rotrFixed(x,7)^rotrFixed(x,18)^(x>>3)) |
|
1297 -#define s1(x) (rotrFixed(x,17)^rotrFixed(x,19)^(x>>10)) |
|
1298 - |
|
1299 -void |
|
1300 -SHA256Transform(uint32_t state[8], const uint8_t data[SHA256_BLOCK_LENGTH]) |
|
1301 -{ |
|
1302 - uint32_t W[16]; |
|
1303 - uint32_t T[8]; |
|
1304 - unsigned int j; |
|
1305 - |
|
1306 - /* Copy context state to working vars. */ |
|
1307 - memcpy(T, state, sizeof(T)); |
|
1308 - /* Copy data to W in big endian format. */ |
|
1309 -#if BYTE_ORDER == BIG_ENDIAN |
|
1310 - memcpy(W, data, sizeof(W)); |
|
1311 -#else |
|
1312 - for (j = 0; j < 16; j++) { |
|
1313 - BE8TO32(W[j], data); |
|
1314 - data += 4; |
|
1315 - } |
|
1316 -#endif |
|
1317 - /* 64 operations, partially loop unrolled. */ |
|
1318 - for (j = 0; j < 64; j += 16) |
|
1319 - { |
|
1320 - R( 0); R( 1); R( 2); R( 3); |
|
1321 - R( 4); R( 5); R( 6); R( 7); |
|
1322 - R( 8); R( 9); R(10); R(11); |
|
1323 - R(12); R(13); R(14); R(15); |
|
1324 - } |
|
1325 - /* Add the working vars back into context state. */ |
|
1326 - state[0] += a(0); |
|
1327 - state[1] += b(0); |
|
1328 - state[2] += c(0); |
|
1329 - state[3] += d(0); |
|
1330 - state[4] += e(0); |
|
1331 - state[5] += f(0); |
|
1332 - state[6] += g(0); |
|
1333 - state[7] += h(0); |
|
1334 - /* Cleanup */ |
|
1335 - memset_s(T, sizeof(T), 0, sizeof(T)); |
|
1336 - memset_s(W, sizeof(W), 0, sizeof(W)); |
|
1337 -} |
|
1338 - |
|
1339 -#undef S0 |
|
1340 -#undef S1 |
|
1341 -#undef s0 |
|
1342 -#undef s1 |
|
1343 -#undef R |
|
1344 - |
|
1345 -void |
|
1346 -SHA256Update(SHA2_CTX *ctx, const uint8_t *data, size_t len) |
|
1347 -{ |
|
1348 - size_t i = 0, j; |
|
1349 - |
|
1350 - j = (size_t)((ctx->count[0] >> 3) & (SHA256_BLOCK_LENGTH - 1)); |
|
1351 - ctx->count[0] += (len << 3); |
|
1352 - if ((j + len) > SHA256_BLOCK_LENGTH - 1) { |
|
1353 - memcpy(&ctx->buffer[j], data, (i = SHA256_BLOCK_LENGTH - j)); |
|
1354 - SHA256Transform(ctx->state.st32, ctx->buffer); |
|
1355 - for ( ; i + SHA256_BLOCK_LENGTH - 1 < len; i += SHA256_BLOCK_LENGTH) |
|
1356 - SHA256Transform(ctx->state.st32, (uint8_t *)&data[i]); |
|
1357 - j = 0; |
|
1358 - } |
|
1359 - memcpy(&ctx->buffer[j], &data[i], len - i); |
|
1360 -} |
|
1361 - |
|
1362 -void |
|
1363 -SHA256Pad(SHA2_CTX *ctx) |
|
1364 -{ |
|
1365 - uint8_t finalcount[8]; |
|
1366 - |
|
1367 - /* Store unpadded message length in bits in big endian format. */ |
|
1368 - BE64TO8(finalcount, ctx->count[0]); |
|
1369 - |
|
1370 - /* Append a '1' bit (0x80) to the message. */ |
|
1371 - SHA256Update(ctx, (uint8_t *)"\200", 1); |
|
1372 - |
|
1373 - /* Pad message such that the resulting length modulo 512 is 448. */ |
|
1374 - while ((ctx->count[0] & 504) != 448) |
|
1375 - SHA256Update(ctx, (uint8_t *)"\0", 1); |
|
1376 - |
|
1377 - /* Append length of message in bits and do final SHA256Transform(). */ |
|
1378 - SHA256Update(ctx, finalcount, sizeof(finalcount)); |
|
1379 -} |
|
1380 - |
|
1381 -void |
|
1382 -SHA256Final(uint8_t digest[SHA256_DIGEST_LENGTH], SHA2_CTX *ctx) |
|
1383 -{ |
|
1384 - SHA256Pad(ctx); |
|
1385 - if (digest != NULL) { |
|
1386 -#if BYTE_ORDER == BIG_ENDIAN |
|
1387 - memcpy(digest, ctx->state.st32, SHA256_DIGEST_LENGTH); |
|
1388 -#else |
|
1389 - unsigned int i; |
|
1390 - |
|
1391 - for (i = 0; i < 8; i++) |
|
1392 - BE32TO8(digest + (i * 4), ctx->state.st32[i]); |
|
1393 -#endif |
|
1394 - memset(ctx, 0, sizeof(*ctx)); |
|
1395 - } |
|
1396 -} |
|
1397 - |
|
1398 -void |
|
1399 -SHA384Init(SHA2_CTX *ctx) |
|
1400 -{ |
|
1401 - memset(ctx, 0, sizeof(*ctx)); |
|
1402 - ctx->state.st64[0] = 0xcbbb9d5dc1059ed8ULL; |
|
1403 - ctx->state.st64[1] = 0x629a292a367cd507ULL; |
|
1404 - ctx->state.st64[2] = 0x9159015a3070dd17ULL; |
|
1405 - ctx->state.st64[3] = 0x152fecd8f70e5939ULL; |
|
1406 - ctx->state.st64[4] = 0x67332667ffc00b31ULL; |
|
1407 - ctx->state.st64[5] = 0x8eb44a8768581511ULL; |
|
1408 - ctx->state.st64[6] = 0xdb0c2e0d64f98fa7ULL; |
|
1409 - ctx->state.st64[7] = 0x47b5481dbefa4fa4ULL; |
|
1410 -} |
|
1411 - |
|
1412 -void |
|
1413 -SHA384Transform(uint64_t state[8], const uint8_t data[SHA384_BLOCK_LENGTH]) |
|
1414 -{ |
|
1415 - SHA512Transform(state, data); |
|
1416 -} |
|
1417 - |
|
1418 -void |
|
1419 -SHA384Update(SHA2_CTX *ctx, const uint8_t *data, size_t len) |
|
1420 -{ |
|
1421 - SHA512Update(ctx, data, len); |
|
1422 -} |
|
1423 - |
|
1424 -void |
|
1425 -SHA384Pad(SHA2_CTX *ctx) |
|
1426 -{ |
|
1427 - SHA512Pad(ctx); |
|
1428 -} |
|
1429 - |
|
1430 -void |
|
1431 -SHA384Final(uint8_t digest[SHA384_DIGEST_LENGTH], SHA2_CTX *ctx) |
|
1432 -{ |
|
1433 - SHA384Pad(ctx); |
|
1434 - if (digest != NULL) { |
|
1435 -#if BYTE_ORDER == BIG_ENDIAN |
|
1436 - memcpy(digest, ctx->state.st64, SHA384_DIGEST_LENGTH); |
|
1437 -#else |
|
1438 - unsigned int i; |
|
1439 - |
|
1440 - for (i = 0; i < 6; i++) |
|
1441 - BE64TO8(digest + (i * 8), ctx->state.st64[i]); |
|
1442 -#endif |
|
1443 - memset(ctx, 0, sizeof(*ctx)); |
|
1444 - } |
|
1445 -} |
|
1446 - |
|
1447 -static const uint64_t SHA512_K[80] = { |
|
1448 - 0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL, |
|
1449 - 0xb5c0fbcfec4d3b2fULL, 0xe9b5dba58189dbbcULL, |
|
1450 - 0x3956c25bf348b538ULL, 0x59f111f1b605d019ULL, |
|
1451 - 0x923f82a4af194f9bULL, 0xab1c5ed5da6d8118ULL, |
|
1452 - 0xd807aa98a3030242ULL, 0x12835b0145706fbeULL, |
|
1453 - 0x243185be4ee4b28cULL, 0x550c7dc3d5ffb4e2ULL, |
|
1454 - 0x72be5d74f27b896fULL, 0x80deb1fe3b1696b1ULL, |
|
1455 - 0x9bdc06a725c71235ULL, 0xc19bf174cf692694ULL, |
|
1456 - 0xe49b69c19ef14ad2ULL, 0xefbe4786384f25e3ULL, |
|
1457 - 0x0fc19dc68b8cd5b5ULL, 0x240ca1cc77ac9c65ULL, |
|
1458 - 0x2de92c6f592b0275ULL, 0x4a7484aa6ea6e483ULL, |
|
1459 - 0x5cb0a9dcbd41fbd4ULL, 0x76f988da831153b5ULL, |
|
1460 - 0x983e5152ee66dfabULL, 0xa831c66d2db43210ULL, |
|
1461 - 0xb00327c898fb213fULL, 0xbf597fc7beef0ee4ULL, |
|
1462 - 0xc6e00bf33da88fc2ULL, 0xd5a79147930aa725ULL, |
|
1463 - 0x06ca6351e003826fULL, 0x142929670a0e6e70ULL, |
|
1464 - 0x27b70a8546d22ffcULL, 0x2e1b21385c26c926ULL, |
|
1465 - 0x4d2c6dfc5ac42aedULL, 0x53380d139d95b3dfULL, |
|
1466 - 0x650a73548baf63deULL, 0x766a0abb3c77b2a8ULL, |
|
1467 - 0x81c2c92e47edaee6ULL, 0x92722c851482353bULL, |
|
1468 - 0xa2bfe8a14cf10364ULL, 0xa81a664bbc423001ULL, |
|
1469 - 0xc24b8b70d0f89791ULL, 0xc76c51a30654be30ULL, |
|
1470 - 0xd192e819d6ef5218ULL, 0xd69906245565a910ULL, |
|
1471 - 0xf40e35855771202aULL, 0x106aa07032bbd1b8ULL, |
|
1472 - 0x19a4c116b8d2d0c8ULL, 0x1e376c085141ab53ULL, |
|
1473 - 0x2748774cdf8eeb99ULL, 0x34b0bcb5e19b48a8ULL, |
|
1474 - 0x391c0cb3c5c95a63ULL, 0x4ed8aa4ae3418acbULL, |
|
1475 - 0x5b9cca4f7763e373ULL, 0x682e6ff3d6b2b8a3ULL, |
|
1476 - 0x748f82ee5defb2fcULL, 0x78a5636f43172f60ULL, |
|
1477 - 0x84c87814a1f0ab72ULL, 0x8cc702081a6439ecULL, |
|
1478 - 0x90befffa23631e28ULL, 0xa4506cebde82bde9ULL, |
|
1479 - 0xbef9a3f7b2c67915ULL, 0xc67178f2e372532bULL, |
|
1480 - 0xca273eceea26619cULL, 0xd186b8c721c0c207ULL, |
|
1481 - 0xeada7dd6cde0eb1eULL, 0xf57d4f7fee6ed178ULL, |
|
1482 - 0x06f067aa72176fbaULL, 0x0a637dc5a2c898a6ULL, |
|
1483 - 0x113f9804bef90daeULL, 0x1b710b35131c471bULL, |
|
1484 - 0x28db77f523047d84ULL, 0x32caab7b40c72493ULL, |
|
1485 - 0x3c9ebe0a15c9bebcULL, 0x431d67c49c100d4cULL, |
|
1486 - 0x4cc5d4becb3e42b6ULL, 0x597f299cfc657e2aULL, |
|
1487 - 0x5fcb6fab3ad6faecULL, 0x6c44198c4a475817ULL |
|
1488 -}; |
|
1489 - |
|
1490 -void |
|
1491 -SHA512Init(SHA2_CTX *ctx) |
|
1492 -{ |
|
1493 - memset(ctx, 0, sizeof(*ctx)); |
|
1494 - ctx->state.st64[0] = 0x6a09e667f3bcc908ULL; |
|
1495 - ctx->state.st64[1] = 0xbb67ae8584caa73bULL; |
|
1496 - ctx->state.st64[2] = 0x3c6ef372fe94f82bULL; |
|
1497 - ctx->state.st64[3] = 0xa54ff53a5f1d36f1ULL; |
|
1498 - ctx->state.st64[4] = 0x510e527fade682d1ULL; |
|
1499 - ctx->state.st64[5] = 0x9b05688c2b3e6c1fULL; |
|
1500 - ctx->state.st64[6] = 0x1f83d9abfb41bd6bULL; |
|
1501 - ctx->state.st64[7] = 0x5be0cd19137e2179ULL; |
|
1502 -} |
|
1503 - |
|
1504 -/* Round macros for SHA512 */ |
|
1505 -#define R(i) do { \ |
|
1506 - h(i)+=S1(e(i))+Ch(e(i),f(i),g(i))+SHA512_K[i+j]+(j?blk2(i):blk0(i)); \ |
|
1507 - d(i)+=h(i); \ |
|
1508 - h(i)+=S0(a(i))+Maj(a(i),b(i),c(i)); \ |
|
1509 -} while (0) |
|
1510 - |
|
1511 -#define S0(x) (rotrFixed(x,28)^rotrFixed(x,34)^rotrFixed(x,39)) |
|
1512 -#define S1(x) (rotrFixed(x,14)^rotrFixed(x,18)^rotrFixed(x,41)) |
|
1513 -#define s0(x) (rotrFixed(x,1)^rotrFixed(x,8)^(x>>7)) |
|
1514 -#define s1(x) (rotrFixed(x,19)^rotrFixed(x,61)^(x>>6)) |
|
1515 - |
|
1516 -void |
|
1517 -SHA512Transform(uint64_t state[8], const uint8_t data[SHA512_BLOCK_LENGTH]) |
|
1518 -{ |
|
1519 - uint64_t W[16]; |
|
1520 - uint64_t T[8]; |
|
1521 - unsigned int j; |
|
1522 - |
|
1523 - /* Copy context state to working vars. */ |
|
1524 - memcpy(T, state, sizeof(T)); |
|
1525 - /* Copy data to W in big endian format. */ |
|
1526 -#if BYTE_ORDER == BIG_ENDIAN |
|
1527 - memcpy(W, data, sizeof(W)); |
|
1528 -#else |
|
1529 - for (j = 0; j < 16; j++) { |
|
1530 - BE8TO64(W[j], data); |
|
1531 - data += 8; |
|
1532 - } |
|
1533 -#endif |
|
1534 - /* 80 operations, partially loop unrolled. */ |
|
1535 - for (j = 0; j < 80; j += 16) |
|
1536 - { |
|
1537 - R( 0); R( 1); R( 2); R( 3); |
|
1538 - R( 4); R( 5); R( 6); R( 7); |
|
1539 - R( 8); R( 9); R(10); R(11); |
|
1540 - R(12); R(13); R(14); R(15); |
|
1541 - } |
|
1542 - /* Add the working vars back into context state. */ |
|
1543 - state[0] += a(0); |
|
1544 - state[1] += b(0); |
|
1545 - state[2] += c(0); |
|
1546 - state[3] += d(0); |
|
1547 - state[4] += e(0); |
|
1548 - state[5] += f(0); |
|
1549 - state[6] += g(0); |
|
1550 - state[7] += h(0); |
|
1551 - /* Cleanup. */ |
|
1552 - memset_s(T, sizeof(T), 0, sizeof(T)); |
|
1553 - memset_s(W, sizeof(W), 0, sizeof(W)); |
|
1554 -} |
|
1555 - |
|
1556 -void |
|
1557 -SHA512Update(SHA2_CTX *ctx, const uint8_t *data, size_t len) |
|
1558 -{ |
|
1559 - size_t i = 0, j; |
|
1560 - |
|
1561 - j = (size_t)((ctx->count[0] >> 3) & (SHA512_BLOCK_LENGTH - 1)); |
|
1562 - ctx->count[0] += (len << 3); |
|
1563 - if (ctx->count[0] < (len << 3)) |
|
1564 - ctx->count[1]++; |
|
1565 - if ((j + len) > SHA512_BLOCK_LENGTH - 1) { |
|
1566 - memcpy(&ctx->buffer[j], data, (i = SHA512_BLOCK_LENGTH - j)); |
|
1567 - SHA512Transform(ctx->state.st64, ctx->buffer); |
|
1568 - for ( ; i + SHA512_BLOCK_LENGTH - 1 < len; i += SHA512_BLOCK_LENGTH) |
|
1569 - SHA512Transform(ctx->state.st64, (uint8_t *)&data[i]); |
|
1570 - j = 0; |
|
1571 - } |
|
1572 - memcpy(&ctx->buffer[j], &data[i], len - i); |
|
1573 -} |
|
1574 - |
|
1575 -void |
|
1576 -SHA512Pad(SHA2_CTX *ctx) |
|
1577 -{ |
|
1578 - uint8_t finalcount[16]; |
|
1579 - |
|
1580 - /* Store unpadded message length in bits in big endian format. */ |
|
1581 - BE64TO8(finalcount, ctx->count[1]); |
|
1582 - BE64TO8(finalcount + 8, ctx->count[0]); |
|
1583 - |
|
1584 - /* Append a '1' bit (0x80) to the message. */ |
|
1585 - SHA512Update(ctx, (uint8_t *)"\200", 1); |
|
1586 - |
|
1587 - /* Pad message such that the resulting length modulo 1024 is 896. */ |
|
1588 - while ((ctx->count[0] & 1008) != 896) |
|
1589 - SHA512Update(ctx, (uint8_t *)"\0", 1); |
|
1590 - |
|
1591 - /* Append length of message in bits and do final SHA512Transform(). */ |
|
1592 - SHA512Update(ctx, finalcount, sizeof(finalcount)); |
|
1593 -} |
|
1594 - |
|
1595 -void |
|
1596 -SHA512Final(uint8_t digest[SHA512_DIGEST_LENGTH], SHA2_CTX *ctx) |
|
1597 -{ |
|
1598 - SHA512Pad(ctx); |
|
1599 - if (digest != NULL) { |
|
1600 -#if BYTE_ORDER == BIG_ENDIAN |
|
1601 - memcpy(digest, ctx->state.st64, SHA512_DIGEST_LENGTH); |
|
1602 -#else |
|
1603 - unsigned int i; |
|
1604 - |
|
1605 - for (i = 0; i < 8; i++) |
|
1606 - BE64TO8(digest + (i * 8), ctx->state.st64[i]); |
|
1607 -#endif |
|
1608 - memset(ctx, 0, sizeof(*ctx)); |
|
1609 - } |
|
1610 -} |
|
1611 diff -urN sudo-1.8.9p5.old/plugins/sudoers/sha2.h sudo-1.8.9p5/plugins/sudoers/sha2.h |
|
1612 --- sudo-1.8.9p5.old/plugins/sudoers/sha2.h 2014-01-07 19:08:54.000000000 +0100 |
|
1613 +++ sudo-1.8.9p5/plugins/sudoers/sha2.h 1970-01-01 01:00:00.000000000 +0100 |
|
1614 @@ -1,74 +0,0 @@ |
|
1615 -/* |
|
1616 - * Copyright (c) 2013 Todd C. Miller <[email protected]> |
|
1617 - * |
|
1618 - * Permission to use, copy, modify, and distribute this software for any |
|
1619 - * purpose with or without fee is hereby granted, provided that the above |
|
1620 - * copyright notice and this permission notice appear in all copies. |
|
1621 - * |
|
1622 - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES |
|
1623 - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF |
|
1624 - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR |
|
1625 - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES |
|
1626 - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN |
|
1627 - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF |
|
1628 - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
|
1629 - */ |
|
1630 - |
|
1631 -/* |
|
1632 - * Derived from the public domain SHA-1 and SHA-2 implementations |
|
1633 - * by Steve Reid and Wei Dai respectively. |
|
1634 - */ |
|
1635 - |
|
1636 -#ifndef _SUDOERS_SHA2_H |
|
1637 -#define _SUDOERS_SHA2_H |
|
1638 - |
|
1639 -#define SHA224_BLOCK_LENGTH 64 |
|
1640 -#define SHA224_DIGEST_LENGTH 28 |
|
1641 -#define SHA224_DIGEST_STRING_LENGTH (SHA224_DIGEST_LENGTH * 2 + 1) |
|
1642 - |
|
1643 -#define SHA256_BLOCK_LENGTH 64 |
|
1644 -#define SHA256_DIGEST_LENGTH 32 |
|
1645 -#define SHA256_DIGEST_STRING_LENGTH (SHA256_DIGEST_LENGTH * 2 + 1) |
|
1646 - |
|
1647 -#define SHA384_BLOCK_LENGTH 128 |
|
1648 -#define SHA384_DIGEST_LENGTH 48 |
|
1649 -#define SHA384_DIGEST_STRING_LENGTH (SHA384_DIGEST_LENGTH * 2 + 1) |
|
1650 - |
|
1651 -#define SHA512_BLOCK_LENGTH 128 |
|
1652 -#define SHA512_DIGEST_LENGTH 64 |
|
1653 -#define SHA512_DIGEST_STRING_LENGTH (SHA512_DIGEST_LENGTH * 2 + 1) |
|
1654 - |
|
1655 -typedef struct { |
|
1656 - union { |
|
1657 - uint32_t st32[8]; /* sha224 and sha256 */ |
|
1658 - uint64_t st64[8]; /* sha384 and sha512 */ |
|
1659 - } state; |
|
1660 - uint64_t count[2]; |
|
1661 - uint8_t buffer[SHA512_BLOCK_LENGTH]; |
|
1662 -} SHA2_CTX; |
|
1663 - |
|
1664 -void SHA224Init(SHA2_CTX *ctx); |
|
1665 -void SHA224Pad(SHA2_CTX *ctx); |
|
1666 -void SHA224Transform(uint32_t state[8], const uint8_t buffer[SHA224_BLOCK_LENGTH]); |
|
1667 -void SHA224Update(SHA2_CTX *ctx, const uint8_t *data, size_t len); |
|
1668 -void SHA224Final(uint8_t digest[SHA224_DIGEST_LENGTH], SHA2_CTX *ctx); |
|
1669 - |
|
1670 -void SHA256Init(SHA2_CTX *ctx); |
|
1671 -void SHA256Pad(SHA2_CTX *ctx); |
|
1672 -void SHA256Transform(uint32_t state[8], const uint8_t buffer[SHA256_BLOCK_LENGTH]); |
|
1673 -void SHA256Update(SHA2_CTX *ctx, const uint8_t *data, size_t len); |
|
1674 -void SHA256Final(uint8_t digest[SHA256_DIGEST_LENGTH], SHA2_CTX *ctx); |
|
1675 - |
|
1676 -void SHA384Init(SHA2_CTX *ctx); |
|
1677 -void SHA384Pad(SHA2_CTX *ctx); |
|
1678 -void SHA384Transform(uint64_t state[8], const uint8_t buffer[SHA384_BLOCK_LENGTH]); |
|
1679 -void SHA384Update(SHA2_CTX *ctx, const uint8_t *data, size_t len); |
|
1680 -void SHA384Final(uint8_t digest[SHA384_DIGEST_LENGTH], SHA2_CTX *ctx); |
|
1681 - |
|
1682 -void SHA512Init(SHA2_CTX *ctx); |
|
1683 -void SHA512Pad(SHA2_CTX *ctx); |
|
1684 -void SHA512Transform(uint64_t state[8], const uint8_t buffer[SHA512_BLOCK_LENGTH]); |
|
1685 -void SHA512Update(SHA2_CTX *ctx, const uint8_t *data, size_t len); |
|
1686 -void SHA512Final(uint8_t digest[SHA512_DIGEST_LENGTH], SHA2_CTX *ctx); |
|
1687 - |
|
1688 -#endif /* _SUDOERS_SHA2_H */ |
|
1689 diff -urN sudo-1.8.9p5.old/plugins/sudoers/toke.c sudo-1.8.9p5/plugins/sudoers/toke.c |
|
1690 --- sudo-1.8.9p5.old/plugins/sudoers/toke.c 2014-01-07 19:08:50.000000000 +0100 |
|
1691 +++ sudo-1.8.9p5/plugins/sudoers/toke.c 2014-04-10 15:20:34.466936711 +0200 |
|
1692 @@ -1997,6 +1997,11 @@ |
|
1693 # include <ndir.h> |
|
1694 # endif |
|
1695 #endif |
|
1696 +#ifdef HAVE_SHA224UPDATE |
|
1697 +# include <sha2.h> |
|
1698 +#else |
|
1699 +# include "compat/sha2.h" |
|
1700 +#endif |
|
1701 #include <errno.h> |
|
1702 #include <ctype.h> |
|
1703 #include "sudoers.h" |
|
1704 @@ -2004,7 +2009,6 @@ |
|
1705 #include "toke.h" |
|
1706 #include <gram.h> |
|
1707 #include "lbuf.h" |
|
1708 -#include "sha2.h" |
|
1709 #include "secure_path.h" |
|
1710 |
|
1711 int sudolineno; /* current sudoers line number. */ |
|
1712 @@ -2050,7 +2054,7 @@ |
|
1713 |
|
1714 #define WANTDIGEST 6 |
|
1715 |
|
1716 -#line 2053 "lex.sudoers.c" |
|
1717 +#line 2057 "lex.sudoers.c" |
|
1718 |
|
1719 /* Macros after this point can all be overridden by user definitions in |
|
1720 * section 1. |
|
1721 @@ -2204,9 +2208,9 @@ |
|
1722 register char *yy_cp, *yy_bp; |
|
1723 register int yy_act; |
|
1724 |
|
1725 -#line 137 "toke.l" |
|
1726 +#line 141 "toke.l" |
|
1727 |
|
1728 -#line 2209 "lex.sudoers.c" |
|
1729 +#line 2213 "lex.sudoers.c" |
|
1730 |
|
1731 if ( yy_init ) |
|
1732 { |
|
1733 @@ -2292,7 +2296,7 @@ |
|
1734 |
|
1735 case 1: |
|
1736 YY_RULE_SETUP |
|
1737 -#line 138 "toke.l" |
|
1738 +#line 142 "toke.l" |
|
1739 { |
|
1740 LEXTRACE(", "); |
|
1741 LEXRETURN(','); |
|
1742 @@ -2300,12 +2304,12 @@ |
|
1743 YY_BREAK |
|
1744 case 2: |
|
1745 YY_RULE_SETUP |
|
1746 -#line 143 "toke.l" |
|
1747 +#line 147 "toke.l" |
|
1748 BEGIN STARTDEFS; |
|
1749 YY_BREAK |
|
1750 case 3: |
|
1751 YY_RULE_SETUP |
|
1752 -#line 145 "toke.l" |
|
1753 +#line 149 "toke.l" |
|
1754 { |
|
1755 BEGIN INDEFS; |
|
1756 LEXTRACE("DEFVAR "); |
|
1757 @@ -2317,7 +2321,7 @@ |
|
1758 |
|
1759 case 4: |
|
1760 YY_RULE_SETUP |
|
1761 -#line 154 "toke.l" |
|
1762 +#line 158 "toke.l" |
|
1763 { |
|
1764 BEGIN STARTDEFS; |
|
1765 LEXTRACE(", "); |
|
1766 @@ -2326,7 +2330,7 @@ |
|
1767 YY_BREAK |
|
1768 case 5: |
|
1769 YY_RULE_SETUP |
|
1770 -#line 160 "toke.l" |
|
1771 +#line 164 "toke.l" |
|
1772 { |
|
1773 LEXTRACE("= "); |
|
1774 LEXRETURN('='); |
|
1775 @@ -2334,7 +2338,7 @@ |
|
1776 YY_BREAK |
|
1777 case 6: |
|
1778 YY_RULE_SETUP |
|
1779 -#line 165 "toke.l" |
|
1780 +#line 169 "toke.l" |
|
1781 { |
|
1782 LEXTRACE("+= "); |
|
1783 LEXRETURN('+'); |
|
1784 @@ -2342,7 +2346,7 @@ |
|
1785 YY_BREAK |
|
1786 case 7: |
|
1787 YY_RULE_SETUP |
|
1788 -#line 170 "toke.l" |
|
1789 +#line 174 "toke.l" |
|
1790 { |
|
1791 LEXTRACE("-= "); |
|
1792 LEXRETURN('-'); |
|
1793 @@ -2350,7 +2354,7 @@ |
|
1794 YY_BREAK |
|
1795 case 8: |
|
1796 YY_RULE_SETUP |
|
1797 -#line 175 "toke.l" |
|
1798 +#line 179 "toke.l" |
|
1799 { |
|
1800 LEXTRACE("BEGINSTR "); |
|
1801 sudoerslval.string = NULL; |
|
1802 @@ -2360,7 +2364,7 @@ |
|
1803 YY_BREAK |
|
1804 case 9: |
|
1805 YY_RULE_SETUP |
|
1806 -#line 182 "toke.l" |
|
1807 +#line 186 "toke.l" |
|
1808 { |
|
1809 LEXTRACE("WORD(2) "); |
|
1810 if (!fill(sudoerstext, sudoersleng)) |
|
1811 @@ -2372,7 +2376,7 @@ |
|
1812 |
|
1813 case 10: |
|
1814 YY_RULE_SETUP |
|
1815 -#line 191 "toke.l" |
|
1816 +#line 195 "toke.l" |
|
1817 { |
|
1818 /* Line continuation char followed by newline. */ |
|
1819 sudolineno++; |
|
1820 @@ -2381,7 +2385,7 @@ |
|
1821 YY_BREAK |
|
1822 case 11: |
|
1823 YY_RULE_SETUP |
|
1824 -#line 197 "toke.l" |
|
1825 +#line 201 "toke.l" |
|
1826 { |
|
1827 LEXTRACE("ENDSTR "); |
|
1828 BEGIN prev_state; |
|
1829 @@ -2416,7 +2420,7 @@ |
|
1830 YY_BREAK |
|
1831 case 12: |
|
1832 YY_RULE_SETUP |
|
1833 -#line 229 "toke.l" |
|
1834 +#line 233 "toke.l" |
|
1835 { |
|
1836 LEXTRACE("BACKSLASH "); |
|
1837 if (!append(sudoerstext, sudoersleng)) |
|
1838 @@ -2425,7 +2429,7 @@ |
|
1839 YY_BREAK |
|
1840 case 13: |
|
1841 YY_RULE_SETUP |
|
1842 -#line 235 "toke.l" |
|
1843 +#line 239 "toke.l" |
|
1844 { |
|
1845 LEXTRACE("STRBODY "); |
|
1846 if (!append(sudoerstext, sudoersleng)) |
|
1847 @@ -2436,7 +2440,7 @@ |
|
1848 |
|
1849 case 14: |
|
1850 YY_RULE_SETUP |
|
1851 -#line 243 "toke.l" |
|
1852 +#line 247 "toke.l" |
|
1853 { |
|
1854 /* quoted fnmatch glob char, pass verbatim */ |
|
1855 LEXTRACE("QUOTEDCHAR "); |
|
1856 @@ -2447,7 +2451,7 @@ |
|
1857 YY_BREAK |
|
1858 case 15: |
|
1859 YY_RULE_SETUP |
|
1860 -#line 251 "toke.l" |
|
1861 +#line 255 "toke.l" |
|
1862 { |
|
1863 /* quoted sudoers special char, strip backslash */ |
|
1864 LEXTRACE("QUOTEDCHAR "); |
|
1865 @@ -2458,7 +2462,7 @@ |
|
1866 YY_BREAK |
|
1867 case 16: |
|
1868 YY_RULE_SETUP |
|
1869 -#line 259 "toke.l" |
|
1870 +#line 263 "toke.l" |
|
1871 { |
|
1872 BEGIN INITIAL; |
|
1873 yyless(0); |
|
1874 @@ -2467,7 +2471,7 @@ |
|
1875 YY_BREAK |
|
1876 case 17: |
|
1877 YY_RULE_SETUP |
|
1878 -#line 265 "toke.l" |
|
1879 +#line 269 "toke.l" |
|
1880 { |
|
1881 LEXTRACE("ARG "); |
|
1882 if (!fill_args(sudoerstext, sudoersleng, sawspace)) |
|
1883 @@ -2478,7 +2482,7 @@ |
|
1884 |
|
1885 case 18: |
|
1886 YY_RULE_SETUP |
|
1887 -#line 273 "toke.l" |
|
1888 +#line 277 "toke.l" |
|
1889 { |
|
1890 /* Only return DIGEST if the length is correct. */ |
|
1891 if (sudoersleng == digest_len * 2) { |
|
1892 @@ -2494,7 +2498,7 @@ |
|
1893 YY_BREAK |
|
1894 case 19: |
|
1895 YY_RULE_SETUP |
|
1896 -#line 286 "toke.l" |
|
1897 +#line 290 "toke.l" |
|
1898 { |
|
1899 /* Only return DIGEST if the length is correct. */ |
|
1900 int len; |
|
1901 @@ -2518,7 +2522,7 @@ |
|
1902 YY_BREAK |
|
1903 case 20: |
|
1904 YY_RULE_SETUP |
|
1905 -#line 307 "toke.l" |
|
1906 +#line 311 "toke.l" |
|
1907 { |
|
1908 char *path; |
|
1909 |
|
1910 @@ -2539,7 +2543,7 @@ |
|
1911 YY_BREAK |
|
1912 case 21: |
|
1913 YY_RULE_SETUP |
|
1914 -#line 325 "toke.l" |
|
1915 +#line 329 "toke.l" |
|
1916 { |
|
1917 char *path; |
|
1918 |
|
1919 @@ -2563,7 +2567,7 @@ |
|
1920 YY_BREAK |
|
1921 case 22: |
|
1922 YY_RULE_SETUP |
|
1923 -#line 346 "toke.l" |
|
1924 +#line 350 "toke.l" |
|
1925 { |
|
1926 char deftype; |
|
1927 int n; |
|
1928 @@ -2606,7 +2610,7 @@ |
|
1929 YY_BREAK |
|
1930 case 23: |
|
1931 YY_RULE_SETUP |
|
1932 -#line 386 "toke.l" |
|
1933 +#line 390 "toke.l" |
|
1934 { |
|
1935 int n; |
|
1936 |
|
1937 @@ -2635,7 +2639,7 @@ |
|
1938 YY_BREAK |
|
1939 case 24: |
|
1940 YY_RULE_SETUP |
|
1941 -#line 412 "toke.l" |
|
1942 +#line 416 "toke.l" |
|
1943 { |
|
1944 /* cmnd does not require passwd for this user */ |
|
1945 LEXTRACE("NOPASSWD "); |
|
1946 @@ -2644,7 +2648,7 @@ |
|
1947 YY_BREAK |
|
1948 case 25: |
|
1949 YY_RULE_SETUP |
|
1950 -#line 418 "toke.l" |
|
1951 +#line 422 "toke.l" |
|
1952 { |
|
1953 /* cmnd requires passwd for this user */ |
|
1954 LEXTRACE("PASSWD "); |
|
1955 @@ -2653,7 +2657,7 @@ |
|
1956 YY_BREAK |
|
1957 case 26: |
|
1958 YY_RULE_SETUP |
|
1959 -#line 424 "toke.l" |
|
1960 +#line 428 "toke.l" |
|
1961 { |
|
1962 LEXTRACE("NOEXEC "); |
|
1963 LEXRETURN(NOEXEC); |
|
1964 @@ -2661,7 +2665,7 @@ |
|
1965 YY_BREAK |
|
1966 case 27: |
|
1967 YY_RULE_SETUP |
|
1968 -#line 429 "toke.l" |
|
1969 +#line 433 "toke.l" |
|
1970 { |
|
1971 LEXTRACE("EXEC "); |
|
1972 LEXRETURN(EXEC); |
|
1973 @@ -2669,7 +2673,7 @@ |
|
1974 YY_BREAK |
|
1975 case 28: |
|
1976 YY_RULE_SETUP |
|
1977 -#line 434 "toke.l" |
|
1978 +#line 438 "toke.l" |
|
1979 { |
|
1980 LEXTRACE("SETENV "); |
|
1981 LEXRETURN(SETENV); |
|
1982 @@ -2677,7 +2681,7 @@ |
|
1983 YY_BREAK |
|
1984 case 29: |
|
1985 YY_RULE_SETUP |
|
1986 -#line 439 "toke.l" |
|
1987 +#line 443 "toke.l" |
|
1988 { |
|
1989 LEXTRACE("NOSETENV "); |
|
1990 LEXRETURN(NOSETENV); |
|
1991 @@ -2685,7 +2689,7 @@ |
|
1992 YY_BREAK |
|
1993 case 30: |
|
1994 YY_RULE_SETUP |
|
1995 -#line 444 "toke.l" |
|
1996 +#line 448 "toke.l" |
|
1997 { |
|
1998 LEXTRACE("LOG_OUTPUT "); |
|
1999 LEXRETURN(LOG_OUTPUT); |
|
2000 @@ -2693,7 +2697,7 @@ |
|
2001 YY_BREAK |
|
2002 case 31: |
|
2003 YY_RULE_SETUP |
|
2004 -#line 449 "toke.l" |
|
2005 +#line 453 "toke.l" |
|
2006 { |
|
2007 LEXTRACE("NOLOG_OUTPUT "); |
|
2008 LEXRETURN(NOLOG_OUTPUT); |
|
2009 @@ -2701,7 +2705,7 @@ |
|
2010 YY_BREAK |
|
2011 case 32: |
|
2012 YY_RULE_SETUP |
|
2013 -#line 454 "toke.l" |
|
2014 +#line 458 "toke.l" |
|
2015 { |
|
2016 LEXTRACE("LOG_INPUT "); |
|
2017 LEXRETURN(LOG_INPUT); |
|
2018 @@ -2709,7 +2713,7 @@ |
|
2019 YY_BREAK |
|
2020 case 33: |
|
2021 YY_RULE_SETUP |
|
2022 -#line 459 "toke.l" |
|
2023 +#line 463 "toke.l" |
|
2024 { |
|
2025 LEXTRACE("NOLOG_INPUT "); |
|
2026 LEXRETURN(NOLOG_INPUT); |
|
2027 @@ -2717,7 +2721,7 @@ |
|
2028 YY_BREAK |
|
2029 case 34: |
|
2030 YY_RULE_SETUP |
|
2031 -#line 464 "toke.l" |
|
2032 +#line 468 "toke.l" |
|
2033 { |
|
2034 /* empty group or netgroup */ |
|
2035 LEXTRACE("ERROR "); |
|
2036 @@ -2726,7 +2730,7 @@ |
|
2037 YY_BREAK |
|
2038 case 35: |
|
2039 YY_RULE_SETUP |
|
2040 -#line 470 "toke.l" |
|
2041 +#line 474 "toke.l" |
|
2042 { |
|
2043 /* netgroup */ |
|
2044 if (!fill(sudoerstext, sudoersleng)) |
|
2045 @@ -2737,7 +2741,7 @@ |
|
2046 YY_BREAK |
|
2047 case 36: |
|
2048 YY_RULE_SETUP |
|
2049 -#line 478 "toke.l" |
|
2050 +#line 482 "toke.l" |
|
2051 { |
|
2052 /* group */ |
|
2053 if (!fill(sudoerstext, sudoersleng)) |
|
2054 @@ -2748,7 +2752,7 @@ |
|
2055 YY_BREAK |
|
2056 case 37: |
|
2057 YY_RULE_SETUP |
|
2058 -#line 486 "toke.l" |
|
2059 +#line 490 "toke.l" |
|
2060 { |
|
2061 if (!fill(sudoerstext, sudoersleng)) |
|
2062 yyterminate(); |
|
2063 @@ -2758,7 +2762,7 @@ |
|
2064 YY_BREAK |
|
2065 case 38: |
|
2066 YY_RULE_SETUP |
|
2067 -#line 493 "toke.l" |
|
2068 +#line 497 "toke.l" |
|
2069 { |
|
2070 if (!fill(sudoerstext, sudoersleng)) |
|
2071 yyterminate(); |
|
2072 @@ -2768,7 +2772,7 @@ |
|
2073 YY_BREAK |
|
2074 case 39: |
|
2075 YY_RULE_SETUP |
|
2076 -#line 500 "toke.l" |
|
2077 +#line 504 "toke.l" |
|
2078 { |
|
2079 if (!ipv6_valid(sudoerstext)) { |
|
2080 LEXTRACE("ERROR "); |
|
2081 @@ -2782,7 +2786,7 @@ |
|
2082 YY_BREAK |
|
2083 case 40: |
|
2084 YY_RULE_SETUP |
|
2085 -#line 511 "toke.l" |
|
2086 +#line 515 "toke.l" |
|
2087 { |
|
2088 if (!ipv6_valid(sudoerstext)) { |
|
2089 LEXTRACE("ERROR "); |
|
2090 @@ -2796,7 +2800,7 @@ |
|
2091 YY_BREAK |
|
2092 case 41: |
|
2093 YY_RULE_SETUP |
|
2094 -#line 522 "toke.l" |
|
2095 +#line 526 "toke.l" |
|
2096 { |
|
2097 LEXTRACE("ALL "); |
|
2098 LEXRETURN(ALL); |
|
2099 @@ -2805,7 +2809,7 @@ |
|
2100 YY_BREAK |
|
2101 case 42: |
|
2102 YY_RULE_SETUP |
|
2103 -#line 528 "toke.l" |
|
2104 +#line 532 "toke.l" |
|
2105 { |
|
2106 #ifdef HAVE_SELINUX |
|
2107 LEXTRACE("ROLE "); |
|
2108 @@ -2817,7 +2821,7 @@ |
|
2109 YY_BREAK |
|
2110 case 43: |
|
2111 YY_RULE_SETUP |
|
2112 -#line 537 "toke.l" |
|
2113 +#line 541 "toke.l" |
|
2114 { |
|
2115 #ifdef HAVE_SELINUX |
|
2116 LEXTRACE("TYPE "); |
|
2117 @@ -2829,7 +2833,7 @@ |
|
2118 YY_BREAK |
|
2119 case 44: |
|
2120 YY_RULE_SETUP |
|
2121 -#line 545 "toke.l" |
|
2122 +#line 549 "toke.l" |
|
2123 { |
|
2124 #ifdef HAVE_PRIV_SET |
|
2125 LEXTRACE("PRIVS "); |
|
2126 @@ -2841,7 +2845,7 @@ |
|
2127 YY_BREAK |
|
2128 case 45: |
|
2129 YY_RULE_SETUP |
|
2130 -#line 554 "toke.l" |
|
2131 +#line 558 "toke.l" |
|
2132 { |
|
2133 #ifdef HAVE_PRIV_SET |
|
2134 LEXTRACE("LIMITPRIVS "); |
|
2135 @@ -2853,7 +2857,7 @@ |
|
2136 YY_BREAK |
|
2137 case 46: |
|
2138 YY_RULE_SETUP |
|
2139 -#line 563 "toke.l" |
|
2140 +#line 567 "toke.l" |
|
2141 { |
|
2142 got_alias: |
|
2143 if (!fill(sudoerstext, sudoersleng)) |
|
2144 @@ -2864,7 +2868,7 @@ |
|
2145 YY_BREAK |
|
2146 case 47: |
|
2147 YY_RULE_SETUP |
|
2148 -#line 571 "toke.l" |
|
2149 +#line 575 "toke.l" |
|
2150 { |
|
2151 /* XXX - no way to specify digest for command */ |
|
2152 /* no command args allowed for Defaults!/path */ |
|
2153 @@ -2876,47 +2880,47 @@ |
|
2154 YY_BREAK |
|
2155 case 48: |
|
2156 YY_RULE_SETUP |
|
2157 -#line 580 "toke.l" |
|
2158 +#line 584 "toke.l" |
|
2159 { |
|
2160 digest_len = SHA224_DIGEST_LENGTH; |
|
2161 BEGIN WANTDIGEST; |
|
2162 - LEXTRACE("SHA224 "); |
|
2163 - LEXRETURN(SHA224); |
|
2164 + LEXTRACE("SHA224_TOK "); |
|
2165 + LEXRETURN(SHA224_TOK); |
|
2166 } |
|
2167 YY_BREAK |
|
2168 case 49: |
|
2169 YY_RULE_SETUP |
|
2170 -#line 587 "toke.l" |
|
2171 +#line 591 "toke.l" |
|
2172 { |
|
2173 digest_len = SHA256_DIGEST_LENGTH; |
|
2174 BEGIN WANTDIGEST; |
|
2175 - LEXTRACE("SHA256 "); |
|
2176 - LEXRETURN(SHA256); |
|
2177 + LEXTRACE("SHA256_TOK "); |
|
2178 + LEXRETURN(SHA256_TOK); |
|
2179 } |
|
2180 YY_BREAK |
|
2181 case 50: |
|
2182 YY_RULE_SETUP |
|
2183 -#line 594 "toke.l" |
|
2184 +#line 598 "toke.l" |
|
2185 { |
|
2186 digest_len = SHA384_DIGEST_LENGTH; |
|
2187 BEGIN WANTDIGEST; |
|
2188 - LEXTRACE("SHA384 "); |
|
2189 - LEXRETURN(SHA384); |
|
2190 + LEXTRACE("SHA384_TOK "); |
|
2191 + LEXRETURN(SHA384_TOK); |
|
2192 } |
|
2193 YY_BREAK |
|
2194 case 51: |
|
2195 YY_RULE_SETUP |
|
2196 -#line 601 "toke.l" |
|
2197 +#line 605 "toke.l" |
|
2198 { |
|
2199 digest_len = SHA512_DIGEST_LENGTH; |
|
2200 BEGIN WANTDIGEST; |
|
2201 - LEXTRACE("SHA512 "); |
|
2202 - LEXRETURN(SHA512); |
|
2203 + LEXTRACE("SHA512_TOK "); |
|
2204 + LEXRETURN(SHA512_TOK); |
|
2205 } |
|
2206 YY_BREAK |
|
2207 case 52: |
|
2208 YY_RULE_SETUP |
|
2209 -#line 608 "toke.l" |
|
2210 +#line 612 "toke.l" |
|
2211 { |
|
2212 BEGIN GOTCMND; |
|
2213 LEXTRACE("COMMAND "); |
|
2214 @@ -2926,7 +2930,7 @@ |
|
2215 YY_BREAK |
|
2216 case 53: |
|
2217 YY_RULE_SETUP |
|
2218 -#line 615 "toke.l" |
|
2219 +#line 619 "toke.l" |
|
2220 { |
|
2221 /* directories can't have args... */ |
|
2222 if (sudoerstext[sudoersleng - 1] == '/') { |
|
2223 @@ -2944,7 +2948,7 @@ |
|
2224 YY_BREAK |
|
2225 case 54: |
|
2226 YY_RULE_SETUP |
|
2227 -#line 630 "toke.l" |
|
2228 +#line 634 "toke.l" |
|
2229 { |
|
2230 LEXTRACE("BEGINSTR "); |
|
2231 sudoerslval.string = NULL; |
|
2232 @@ -2954,7 +2958,7 @@ |
|
2233 YY_BREAK |
|
2234 case 55: |
|
2235 YY_RULE_SETUP |
|
2236 -#line 637 "toke.l" |
|
2237 +#line 641 "toke.l" |
|
2238 { |
|
2239 /* a word */ |
|
2240 if (!fill(sudoerstext, sudoersleng)) |
|
2241 @@ -2965,7 +2969,7 @@ |
|
2242 YY_BREAK |
|
2243 case 56: |
|
2244 YY_RULE_SETUP |
|
2245 -#line 645 "toke.l" |
|
2246 +#line 649 "toke.l" |
|
2247 { |
|
2248 LEXTRACE("( "); |
|
2249 LEXRETURN('('); |
|
2250 @@ -2973,7 +2977,7 @@ |
|
2251 YY_BREAK |
|
2252 case 57: |
|
2253 YY_RULE_SETUP |
|
2254 -#line 650 "toke.l" |
|
2255 +#line 654 "toke.l" |
|
2256 { |
|
2257 LEXTRACE(") "); |
|
2258 LEXRETURN(')'); |
|
2259 @@ -2981,7 +2985,7 @@ |
|
2260 YY_BREAK |
|
2261 case 58: |
|
2262 YY_RULE_SETUP |
|
2263 -#line 655 "toke.l" |
|
2264 +#line 659 "toke.l" |
|
2265 { |
|
2266 LEXTRACE(", "); |
|
2267 LEXRETURN(','); |
|
2268 @@ -2989,7 +2993,7 @@ |
|
2269 YY_BREAK |
|
2270 case 59: |
|
2271 YY_RULE_SETUP |
|
2272 -#line 660 "toke.l" |
|
2273 +#line 664 "toke.l" |
|
2274 { |
|
2275 LEXTRACE("= "); |
|
2276 LEXRETURN('='); |
|
2277 @@ -2997,7 +3001,7 @@ |
|
2278 YY_BREAK |
|
2279 case 60: |
|
2280 YY_RULE_SETUP |
|
2281 -#line 665 "toke.l" |
|
2282 +#line 669 "toke.l" |
|
2283 { |
|
2284 LEXTRACE(": "); |
|
2285 LEXRETURN(':'); |
|
2286 @@ -3005,7 +3009,7 @@ |
|
2287 YY_BREAK |
|
2288 case 61: |
|
2289 YY_RULE_SETUP |
|
2290 -#line 670 "toke.l" |
|
2291 +#line 674 "toke.l" |
|
2292 { |
|
2293 if (sudoersleng & 1) { |
|
2294 LEXTRACE("!"); |
|
2295 @@ -3015,7 +3019,7 @@ |
|
2296 YY_BREAK |
|
2297 case 62: |
|
2298 YY_RULE_SETUP |
|
2299 -#line 677 "toke.l" |
|
2300 +#line 681 "toke.l" |
|
2301 { |
|
2302 if (YY_START == INSTR) { |
|
2303 LEXTRACE("ERROR "); |
|
2304 @@ -3030,14 +3034,14 @@ |
|
2305 YY_BREAK |
|
2306 case 63: |
|
2307 YY_RULE_SETUP |
|
2308 -#line 689 "toke.l" |
|
2309 +#line 693 "toke.l" |
|
2310 { /* throw away space/tabs */ |
|
2311 sawspace = true; /* but remember for fill_args */ |
|
2312 } |
|
2313 YY_BREAK |
|
2314 case 64: |
|
2315 YY_RULE_SETUP |
|
2316 -#line 693 "toke.l" |
|
2317 +#line 697 "toke.l" |
|
2318 { |
|
2319 sawspace = true; /* remember for fill_args */ |
|
2320 sudolineno++; |
|
2321 @@ -3046,7 +3050,7 @@ |
|
2322 YY_BREAK |
|
2323 case 65: |
|
2324 YY_RULE_SETUP |
|
2325 -#line 699 "toke.l" |
|
2326 +#line 703 "toke.l" |
|
2327 { |
|
2328 if (sudoerstext[sudoersleng - 1] == '\n') { |
|
2329 /* comment ending in a newline */ |
|
2330 @@ -3063,7 +3067,7 @@ |
|
2331 YY_BREAK |
|
2332 case 66: |
|
2333 YY_RULE_SETUP |
|
2334 -#line 713 "toke.l" |
|
2335 +#line 717 "toke.l" |
|
2336 { |
|
2337 LEXTRACE("ERROR "); |
|
2338 LEXRETURN(ERROR); |
|
2339 @@ -3076,7 +3080,7 @@ |
|
2340 case YY_STATE_EOF(INDEFS): |
|
2341 case YY_STATE_EOF(INSTR): |
|
2342 case YY_STATE_EOF(WANTDIGEST): |
|
2343 -#line 718 "toke.l" |
|
2344 +#line 722 "toke.l" |
|
2345 { |
|
2346 if (YY_START != INITIAL) { |
|
2347 BEGIN INITIAL; |
|
2348 @@ -3089,10 +3093,10 @@ |
|
2349 YY_BREAK |
|
2350 case 67: |
|
2351 YY_RULE_SETUP |
|
2352 -#line 728 "toke.l" |
|
2353 +#line 732 "toke.l" |
|
2354 ECHO; |
|
2355 YY_BREAK |
|
2356 -#line 3095 "lex.sudoers.c" |
|
2357 +#line 3099 "lex.sudoers.c" |
|
2358 |
|
2359 case YY_END_OF_BUFFER: |
|
2360 { |
|
2361 @@ -3983,7 +3987,7 @@ |
|
2362 return 0; |
|
2363 } |
|
2364 #endif |
|
2365 -#line 728 "toke.l" |
|
2366 +#line 732 "toke.l" |
|
2367 |
|
2368 struct path_list { |
|
2369 SLIST_ENTRY(path_list) entries; |
|
2370 diff -urN sudo-1.8.9p5.old/plugins/sudoers/toke.l sudo-1.8.9p5/plugins/sudoers/toke.l |
|
2371 --- sudo-1.8.9p5.old/plugins/sudoers/toke.l 2014-01-07 19:08:50.000000000 +0100 |
|
2372 +++ sudo-1.8.9p5/plugins/sudoers/toke.l 2014-04-10 15:20:34.467610395 +0200 |
|
2373 @@ -69,6 +69,11 @@ |
|
2374 # include <ndir.h> |
|
2375 # endif |
|
2376 #endif |
|
2377 +#ifdef HAVE_SHA224UPDATE |
|
2378 +# include <sha2.h> |
|
2379 +#else |
|
2380 +# include "compat/sha2.h" |
|
2381 +#endif |
|
2382 #include <errno.h> |
|
2383 #include <ctype.h> |
|
2384 #include "sudoers.h" |
|
2385 @@ -76,7 +81,6 @@ |
|
2386 #include "toke.h" |
|
2387 #include <gram.h> |
|
2388 #include "lbuf.h" |
|
2389 -#include "sha2.h" |
|
2390 #include "secure_path.h" |
|
2391 |
|
2392 int sudolineno; /* current sudoers line number. */ |
|
2393 @@ -580,29 +584,29 @@ |
|
2394 sha224 { |
|
2395 digest_len = SHA224_DIGEST_LENGTH; |
|
2396 BEGIN WANTDIGEST; |
|
2397 - LEXTRACE("SHA224 "); |
|
2398 - LEXRETURN(SHA224); |
|
2399 + LEXTRACE("SHA224_TOK "); |
|
2400 + LEXRETURN(SHA224_TOK); |
|
2401 } |
|
2402 |
|
2403 sha256 { |
|
2404 digest_len = SHA256_DIGEST_LENGTH; |
|
2405 BEGIN WANTDIGEST; |
|
2406 - LEXTRACE("SHA256 "); |
|
2407 - LEXRETURN(SHA256); |
|
2408 + LEXTRACE("SHA256_TOK "); |
|
2409 + LEXRETURN(SHA256_TOK); |
|
2410 } |
|
2411 |
|
2412 sha384 { |
|
2413 digest_len = SHA384_DIGEST_LENGTH; |
|
2414 BEGIN WANTDIGEST; |
|
2415 - LEXTRACE("SHA384 "); |
|
2416 - LEXRETURN(SHA384); |
|
2417 + LEXTRACE("SHA384_TOK "); |
|
2418 + LEXRETURN(SHA384_TOK); |
|
2419 } |
|
2420 |
|
2421 sha512 { |
|
2422 digest_len = SHA512_DIGEST_LENGTH; |
|
2423 BEGIN WANTDIGEST; |
|
2424 - LEXTRACE("SHA512 "); |
|
2425 - LEXRETURN(SHA512); |
|
2426 + LEXTRACE("SHA512_TOK "); |
|
2427 + LEXRETURN(SHA512_TOK); |
|
2428 } |
|
2429 |
|
2430 sudoedit { |