From bd393de91cc39fc04033caa53ada48aa34df9607 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Dag-Erling=20Sm=C3=B8rgrav?= <des@FreeBSD.org>
Date: Tue, 9 Oct 2018 19:27:42 +0000
Subject: [PATCH] Fix portability issues with the Capsicum patch committed in
 r339216:

- Wrap access to pw_change and pw_expire in the appropriate #ifdefs.
- Wrap calls to login_cap(3) API in appropriate #ifdefs.
- Add wrapper for transferring time_t, which is still only 32 bits wide
  on FreeBSD i386.
- Use a temporary variable to deserialize size_t.

Approved by:	re (gjb)
---
 crypto/openssh/monitor.c             |  6 ++++++
 crypto/openssh/monitor_wrap.c        |  4 ++++
 crypto/openssh/monitor_wrap.h        |  8 ++++----
 crypto/openssh/sshbuf-getput-basic.c | 18 +++++++++++++-----
 crypto/openssh/sshbuf.h              |  9 ++++++++-
 5 files changed, 35 insertions(+), 10 deletions(-)

diff --git a/crypto/openssh/monitor.c b/crypto/openssh/monitor.c
index 3c0c2339394..1913b1f8a1e 100644
--- a/crypto/openssh/monitor.c
+++ b/crypto/openssh/monitor.c
@@ -114,7 +114,9 @@ static struct sshbuf *child_state;
 
 int mm_answer_moduli(int, struct sshbuf *);
 int mm_answer_sign(int, struct sshbuf *);
+#ifdef HAVE_LOGIN_CAP
 int mm_answer_login_getpwclass(int, struct sshbuf *);
+#endif
 int mm_answer_pwnamallow(int, struct sshbuf *);
 int mm_answer_auth2_read_banner(int, struct sshbuf *);
 int mm_answer_authserv(int, struct sshbuf *);
@@ -190,7 +192,9 @@ struct mon_table mon_dispatch_proto20[] = {
     {MONITOR_REQ_MODULI, MON_ONCE, mm_answer_moduli},
 #endif
     {MONITOR_REQ_SIGN, MON_ONCE, mm_answer_sign},
+#ifdef HAVE_LOGIN_CAP
     {MONITOR_REQ_GETPWCLASS, MON_AUTH, mm_answer_login_getpwclass},
+#endif
     {MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow},
     {MONITOR_REQ_AUTHSERV, MON_ONCE, mm_answer_authserv},
     {MONITOR_REQ_AUTH2_READ_BANNER, MON_ONCE, mm_answer_auth2_read_banner},
@@ -709,6 +713,7 @@ mm_answer_sign(int sock, struct sshbuf *m)
 	return (0);
 }
 
+#ifdef HAVE_LOGIN_CAP
 int
 mm_answer_login_getpwclass(int sock, struct sshbuf *m)
 {
@@ -748,6 +753,7 @@ mm_answer_login_getpwclass(int sock, struct sshbuf *m)
 
 	return (0);
 }
+#endif
 
 /* Retrieves the password entry and also checks if the user is permitted */
 
diff --git a/crypto/openssh/monitor_wrap.c b/crypto/openssh/monitor_wrap.c
index 7cd20089d9c..bb458f13148 100644
--- a/crypto/openssh/monitor_wrap.c
+++ b/crypto/openssh/monitor_wrap.c
@@ -247,6 +247,7 @@ mm_sshkey_sign(struct sshkey *key, u_char **sigp, size_t *lenp,
 	return (0);
 }
 
+#ifdef HAVE_LOGIN_CAP
 login_cap_t *
 mm_login_getpwclass(const struct passwd *pwent)
 {
@@ -286,7 +287,9 @@ mm_login_getpwclass(const struct passwd *pwent)
 
 	return (lc);
 }
+#endif
 
+#ifdef HAVE_LOGIN_CAP
 void
 mm_login_close(login_cap_t *lc)
 {
@@ -297,6 +300,7 @@ mm_login_close(login_cap_t *lc)
 	free(lc->lc_cap);
 	free(lc);
 }
+#endif
 
 struct passwd *
 mm_getpwnamallow(const char *username)
diff --git a/crypto/openssh/monitor_wrap.h b/crypto/openssh/monitor_wrap.h
index 248dac5c3bb..5b5dea1ed82 100644
--- a/crypto/openssh/monitor_wrap.h
+++ b/crypto/openssh/monitor_wrap.h
@@ -28,8 +28,6 @@
 #ifndef _MM_WRAP_H_
 #define _MM_WRAP_H_
 
-#include <login_cap.h>
-
 extern int use_privsep;
 #define PRIVSEP(x)	(use_privsep ? mm_##x : x)
 
@@ -46,9 +44,11 @@ DH *mm_choose_dh(int, int, int);
 int mm_sshkey_sign(struct sshkey *, u_char **, size_t *, const u_char *, size_t,
     const char *, u_int compat);
 void mm_inform_authserv(char *, char *);
+#ifdef HAVE_LOGIN_CAP
+struct login_cap *mm_login_getpwclass(const struct passwd *pwd);
+void mm_login_close(struct login_cap *lc);
+#endif
 struct passwd *mm_getpwnamallow(const char *);
-login_cap_t *mm_login_getpwclass(const struct passwd *pwd);
-void mm_login_close(login_cap_t *lc);
 char *mm_auth2_read_banner(void);
 int mm_auth_password(struct ssh *, char *);
 int mm_key_allowed(enum mm_keytype, const char *, const char *, struct sshkey *,
diff --git a/crypto/openssh/sshbuf-getput-basic.c b/crypto/openssh/sshbuf-getput-basic.c
index ef56931d522..70ee303a23e 100644
--- a/crypto/openssh/sshbuf-getput-basic.c
+++ b/crypto/openssh/sshbuf-getput-basic.c
@@ -482,7 +482,9 @@ sshbuf_put_passwd(struct sshbuf *buf, const struct passwd *pwent)
 	    (r = sshbuf_put_cstring(buf, "*")) != 0 ||
 	    (r = sshbuf_put_u32(buf, pwent->pw_uid)) != 0 ||
 	    (r = sshbuf_put_u32(buf, pwent->pw_gid)) != 0 ||
-	    (r = sshbuf_put_u64(buf, pwent->pw_change)) != 0 ||
+#ifdef HAVE_STRUCT_PASSWD_PW_CHANGE
+	    (r = sshbuf_put_time(buf, pwent->pw_change)) != 0 ||
+#endif
 #ifdef HAVE_STRUCT_PASSWD_PW_GECOS
 	    (r = sshbuf_put_cstring(buf, pwent->pw_gecos)) != 0 ||
 #endif
@@ -491,7 +493,9 @@ sshbuf_put_passwd(struct sshbuf *buf, const struct passwd *pwent)
 #endif
 	    (r = sshbuf_put_cstring(buf, pwent->pw_dir)) != 0 ||
 	    (r = sshbuf_put_cstring(buf, pwent->pw_shell)) != 0 ||
-	    (r = sshbuf_put_u64(buf, pwent->pw_expire)) != 0 ||
+#ifdef HAVE_STRUCT_PASSWD_PW_EXPIRE
+	    (r = sshbuf_put_time(buf, pwent->pw_expire)) != 0 ||
+#endif
 	    (r = sshbuf_put_u32(buf, pwent->pw_fields)) != 0) {
 		return r;
 	}
@@ -505,8 +509,8 @@ struct passwd *
 sshbuf_get_passwd(struct sshbuf *buf)
 {
 	struct passwd *pw;
+	u_int64_t len;
 	int r;
-	size_t len;
 
 	/* check if size of struct passwd is as same as sender's size */
 	r = sshbuf_get_u64(buf, &len);
@@ -518,7 +522,9 @@ sshbuf_get_passwd(struct sshbuf *buf)
 	    sshbuf_get_cstring(buf, &pw->pw_passwd, NULL) != 0 ||
 	    sshbuf_get_u32(buf, &pw->pw_uid) != 0 ||
 	    sshbuf_get_u32(buf, &pw->pw_gid) != 0 ||
-	    sshbuf_get_u64(buf, &pw->pw_change) != 0 ||
+#ifdef HAVE_STRUCT_PASSWD_PW_CHANGE
+	    sshbuf_get_time(buf, &pw->pw_change) != 0 ||
+#endif
 #ifdef HAVE_STRUCT_PASSWD_PW_GECOS
 	    sshbuf_get_cstring(buf, &pw->pw_gecos, NULL) != 0 ||
 #endif
@@ -527,7 +533,9 @@ sshbuf_get_passwd(struct sshbuf *buf)
 #endif
 	    sshbuf_get_cstring(buf, &pw->pw_dir, NULL) != 0 ||
 	    sshbuf_get_cstring(buf, &pw->pw_shell, NULL) != 0 ||
-	    sshbuf_get_u64(buf, &pw->pw_expire) != 0 ||
+#ifdef HAVE_STRUCT_PASSWD_PW_EXPIRE
+	    sshbuf_get_time(buf, &pw->pw_expire) != 0 ||
+#endif
 	    sshbuf_get_u32(buf, &pw->pw_fields) != 0) {
 		sshbuf_free_passwd(pw);
 		return NULL;
diff --git a/crypto/openssh/sshbuf.h b/crypto/openssh/sshbuf.h
index 1f6f5ead213..aba18d2aa92 100644
--- a/crypto/openssh/sshbuf.h
+++ b/crypto/openssh/sshbuf.h
@@ -21,7 +21,6 @@
 #include <sys/types.h>
 #include <stdarg.h>
 #include <stdio.h>
-#include <pwd.h>
 #ifdef WITH_OPENSSL
 # include <openssl/bn.h>
 # ifdef OPENSSL_HAS_ECC
@@ -177,6 +176,14 @@ int	sshbuf_put_u32(struct sshbuf *buf, u_int32_t val);
 int	sshbuf_put_u16(struct sshbuf *buf, u_int16_t val);
 int	sshbuf_put_u8(struct sshbuf *buf, u_char val);
 
+#if defined(__FreeBSD__) && defined(__i386__)
+#define sshbuf_get_time(b, vp) sshbuf_get_u32((b), (u_int32_t *)(vp))
+#define sshbuf_put_time(b, v) sshbuf_put_u32((b), (u_int32_t)(v))
+#else
+#define sshbuf_get_time(b, vp) sshbuf_get_u64((b), (u_int64_t *)(vp))
+#define sshbuf_put_time(b, v) sshbuf_put_u64((b), (u_int64_t)(v))
+#endif
+
 /*
  * Functions to extract or store SSH wire encoded strings (u32 len || data)
  * The "cstring" variants admit no \0 characters in the string contents.
-- 
2.45.0