I have a need to provide ssh client binaries for use elsewhere on several platforms, some without /dev/random support. I can't assume that users will know how to install/run prngd or egd, so I was planning to rely on the builtin prng code. However this require the ssh_prng_cmds file to exist in a fixed location -- which would mean making binaries which either look for it in . or other similar hacks. To avoid this I altered entropy.c to include a copy (as a string) of the ssh_prng_cmds generated by configure and use that if the file can't be opened -- at a cost of about +2K to the client size.. (I considered having a command line option to specify the location but that would mean changes in too many other places). Having got some working code, it took me some time to spot that debug/verbose do nothing in init_rng() since it is called before options processing. It is also called before giving up any privelage. Is this right? Would it be safe to move the call to init_rng() to later when we have options and have dropped priv? I don't know which calls need the rng to have already been initialized. My current patch possibly isn't the right way to do some of this (like the generation of the string from the ssh_prng_cmds file or the hack function I dropped in the place of the fgets() call). [ I'm not including the patch itself in case there is already a better solution. ] -- Jon Peatfield, DAMTP, Computer Officer, University of Cambridge Telephone: +44 1223 3 37852 Mail: J.S.Peatfield at damtp.cam.ac.uk
On Sun, Mar 11, 2001 at 06:51:36PM +0000, Jon Peatfield wrote:> I have a need to provide ssh client binaries for use elsewhere on > several platforms, some without /dev/random support. I can't assume > that users will know how to install/run prngd or egd, so I was > planning to rely on the builtin prng code. However this require the > ssh_prng_cmds file to exist in a fixed location -- which would mean > making binaries which either look for it in . or other similar hacks.That won't be the only file that you'll need to locate if you want to to relocate your binaries. You might want to take a look at my simple binary relocation program http://www.bell-labs.com/project/nsbd/breloc.html which works by configuring binaries with a prefix with a bunch of extra slashes and doing binary edits to relocate the compiled-in paths at which to find support files. - Dave Dykstra
J.S.Peatfield at damtp.cam.ac.uk
2001-Mar-12 17:56 UTC
prng_cmds/init_rng() question/patch
For the ssh client (only at least) it does seem to be the only dependency on a fixed path. In the past we distributed ssh-1 binaries which worked fine in many places, and with the patch the ssh from openssh-251 also seems to work fine on its own. Of course the daemon would take more effort to relocate but I don't expect sshd to be run by users... [we provide common ssh binaries for users' to take to remote locations where they may not find ssh already installed so they can use it to connect back here. Normally I'd expect ssh to be properly installed, but I can't assume much about the random places that our users seem to need to visit.]
Is there anything like this atm which uses the web server as a proxy? For example, say that I'm behind a firewall at work, and the "security policy" disallows ssh. Say that I need to access a CVS repository (another blocked port) to get up to date on, say, OpenSSH... scp/sftp aren't exactly in the scope of this question, but... ;) After all, I could always do a cvs update and tar up the results to place on a web page... Hopefully someone will follow what I'd like to do. (Basically, my job... ;/ ) --Matt> -----Original Message----- > From: Gert Doering [mailto:gert at greenie.muc.de] > Sent: Monday, March 12, 2001 11:39 AM > To: J.S.Peatfield at damtp.cam.ac.uk; dwd at bell-labs.com > Cc: openssh-unix-dev at mindrot.org > Subject: Re: prng_cmds/init_rng() question/patch > > > Hi, > > On Mon, Mar 12, 2001 at 05:56:19PM +0000, > J.S.Peatfield at damtp.cam.ac.uk wrote: > > [we provide common ssh binaries for users' to take to > remote locations where > > they may not find ssh already installed so they can use it > to connect back > > here. Normally I'd expect ssh to be properly installed, > but I can't assume > > much about the random places that our users seem to need to visit.] > > What about using things like Mindterm's Java ssh client? > Just point the > browser to your web server, get a ssh client, log into machine... > > gert > -- > USENET is *not* the non-clickable part of WWW! > > //www.muc.de/~gert/ > Gert Doering - Munich, Germany > gert at greenie.muc.de > fax: +49-89-35655025 > gert.doering at physik.tu-muenchen.de >
Since I've had no replies suggesting that it either is safe to move
the init_rng() call (to after we lose privelage) or any other sensible
way to achieve what I was trying to do (have a standalone ssh client
which needs no support files in fixed places), I may as well post my
patch in case anyone can spot any structural problems with it or
suggest better ways to do some bits. I've tested that it works on a
small set of patforms (Tru64, Solaris-2.6, irix6.5, Linux (with
/dev/random disabled for testing).
--cut-here--
*** entropy.c.orig Sun Mar 11 14:46:41 2001
--- entropy.c Sun Mar 11 15:25:40 2001
***************
*** 641,646 ****
--- 641,671 ----
RAND_add(&seed, sizeof(seed), 0.0);
}
+ /* include the "string" of commands we generated elsewhere
2001-03-10 JSP */
+ #include "ssh_prng_cmds.string"
+
+ char *index (const char *s, int c);
+
+ /* Hack function */
+ char *my_getline(char *s, int len, FILE *f, char **str)
+ {
+ char *ptr;
+ if (f) { /* Call fgets like original one did */
+ return (fgets(s, len, f));
+ }
+
+ ptr = index(*str, '\n');
+ if (ptr) {
+ int n = ptr - *str;
+ if (n > len) n = len;
+ strncpy(s, *str, n);
+ debug("read builtin cmd: %.100s", s);
+ *str = ptr+1;
+ return s; /* return what we copied */
+ } else {
+ return NULL; /* EOF */
+ }
+ }
/*
* entropy command initialisation functions
***************
*** 658,667 ****
int cur_cmd = 0;
double est;
entropy_source_t *entcmd;
f = fopen(cmdfilename, "r");
if (!f) {
! fatal("couldn't read entropy commands file %.100s: %.100s",
cmdfilename, strerror(errno));
}
--- 681,691 ----
int cur_cmd = 0;
double est;
entropy_source_t *entcmd;
+ char *cmds_ptr=builtin_prng_cmds;
f = fopen(cmdfilename, "r");
if (!f) {
! verbose("WARNING: couldn't read entropy commands file
%.100s: %.100s",
cmdfilename, strerror(errno));
}
***************
*** 670,676 ****
/* Read in file */
linenum = 0;
! while (fgets(line, sizeof(line), f)) {
int arg;
char *argv;
--- 694,700 ----
/* Read in file */
linenum = 0;
! while (my_getline(line, sizeof(line), f, &cmds_ptr)) {
int arg;
char *argv;
*** Makefile.in.orig Sun Mar 11 15:26:17 2001
--- Makefile.in Sun Mar 11 15:35:13 2001
***************
*** 76,88 ****
manpages: $(MANPAGES)
! $(LIBSSH_OBJS): config.h
$(SSHOBJS): config.h
$(SSHDOBJS): config.h
.c.o:
$(CC) $(CFLAGS) $(CPPFLAGS) -c $<
LIBCOMPAT=openbsd-compat/libopenbsd-compat.a
$(LIBCOMPAT): config.h
(cd openbsd-compat; $(MAKE))
--- 76,95 ----
manpages: $(MANPAGES)
! $(LIBSSH_OBJS): config.h ssh_prng_cmds.string
$(SSHOBJS): config.h
$(SSHDOBJS): config.h
.c.o:
$(CC) $(CFLAGS) $(CPPFLAGS) -c $<
+ ssh_prng_cmds.string:
+ if [ -f ssh_prng_cmds ]; then \
+ $(PERL) $(srcdir)/mkstring < ssh_prng_cmds > $@; \
+ else \
+ touch $@; \
+ fi;
+
LIBCOMPAT=openbsd-compat/libopenbsd-compat.a
$(LIBCOMPAT): config.h
(cd openbsd-compat; $(MAKE))
***************
*** 132,138 ****
distclean: clean
(cd openbsd-compat; $(MAKE) distclean)
! rm -f Makefile config.h config.status ssh_prng_cmds *~
mrproper: distclean
--- 139,145 ----
distclean: clean
(cd openbsd-compat; $(MAKE) distclean)
! rm -f Makefile config.h config.status ssh_prng_cmds ssh_prng_cmds.string *~
mrproper: distclean
*** mkstring.orig Sun Mar 11 15:38:59 2001
--- mkstring Sun Mar 11 15:39:43 2001
***************
*** 0 ****
--- 1,10 ----
+ #! /usr/bin/perl
+ #
+ # Is there a *standard* way to do this? 2001-03-10 JSP
+ print "static char *builtin_prng_cmds = \"";
+ while (<>) {
+ next if /^(\#|\s*$)/;
+ s/"/\\"/g;
+ chop; print "$_\\n";
+ }
+ print "\";\n";
--cut-here--
Of course I don't expect it to be included in any future release, but
at least I may get some feedback about the code :-)
--
Jon Peatfield, DAMTP, Computer Officer, University of Cambridge
Telephone: +44 1223 3 37852 Mail: J.S.Peatfield at damtp.cam.ac.uk