I've been trying to cut down the size of openssh so I can run it on my
Nokia 770. One thing which helps a fair amount (and will help even more
when I get '-ffunction-sections -fdata-sections --gc-sections' working)
is to have the option of compiling out privilege separation...
Is it worth me tidying this up and trying to make it apply properly to
the OpenBSD version? Does the openbsd version even use autocrap?
--- openssh-4.2p1/auth-rhosts.c~ 2005-07-17 08:22:45.000000000 +0100
+++ openssh-4.2p1/auth-rhosts.c 2006-01-07 18:14:32.000000000 +0000
@@ -289,7 +289,9 @@ auth_rhosts2(struct passwd *pw, const ch
auth_debug_reset();
ret = auth_rhosts2_raw(pw, client_user, hostname, ipaddr);
+#ifdef USE_PRIVSEP
if (!use_privsep)
+#endif
auth_debug_send();
return ret;
}
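Review bot: Wrapping only the `if (!use_privsep)` line in `#ifdef USE_PRIVSEP` leaves the unbraced `auth_debug_send();` as a conditional body in one build and a bare statement in the other, which is easy to break on a later edit. The monitor_wrap.h change in this patch defines `use_privsep` as `0` when USE_PRIVSEP is unset, so if this file includes that header (its include list is outside the hunk) the original `if (!use_privsep)` compiles in both configurations and the guard can be dropped. The start of auth_rhosts2() is outside the hunk.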
--- openssh-4.2p1/auth2.c~ 2005-07-17 08:26:44.000000000 +0100
+++ openssh-4.2p1/auth2.c 2006-01-07 18:52:24.000000000 +0000
@@ -175,8 +175,10 @@ input_userauth_request(int type, u_int32
use_privsep ? " [net]" : "");
authctxt->service = xstrdup(service);
authctxt->style = style ? xstrdup(style) : NULL;
+#ifdef USE_PRIVSEP
if (use_privsep)
mm_inform_authserv(service, style);
+#endif
} else if (strcmp(user, authctxt->user) != 0 ||
strcmp(service, authctxt->service) != 0) {
packet_disconnect("Change of username or service not allowed: "
--- openssh-4.2p1/config.h.in~ 2005-09-01 10:15:22.000000000 +0100
+++ openssh-4.2p1/config.h.in 2006-01-07 17:44:23.000000000 +0000
@@ -152,6 +152,9 @@
/* Builtin PRNG command timeout */
#undef ENTROPY_TIMEOUT_MSEC
+/* Use privilege separation */
+#undef USE_PRIVSEP
+
/* non-privileged user for privilege separation */
#undef SSH_PRIVSEP_USER
--- openssh-4.2p1/configure.ac~ 2005-08-31 17:59:49.000000000 +0100
+++ openssh-4.2p1/configure.ac 2006-01-07 18:41:38.000000000 +0000
@@ -1873,6 +1873,16 @@ AC_ARG_WITH(entropy-timeout,
)
AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout)
+use_privsep=1
+
+AC_ARG_WITH(privsep,
+ [ --without-privsep Disable privilege separation],
+ [
+ if test "x$withval" = "xno" ; then
+ use_privsep=""
+ fi
+ ]
+)
SSH_PRIVSEP_USER=sshd
AC_ARG_WITH(privsep-user,
[ --with-privsep-user=user Specify non-privileged user for privilege
separation],
@@ -1880,13 +1890,20 @@ AC_ARG_WITH(privsep-user,
if test -n "$withval" && test "x$withval" !=
"xno" && \
test "x${withval}" != "xyes"; then
SSH_PRIVSEP_USER=$withval
+ use_privsep=1
fi
]
)
-AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER")
-AC_SUBST(SSH_PRIVSEP_USER)
+if test ! -z "$use_privsep" ; then
+ AC_DEFINE(USE_PRIVSEP)
+ AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER")
+ AC_SUBST(SSH_PRIVSEP_USER)
+ PRIVSEP_MSG=yes
+else
+ PRIVSEP_MSG=no
+fi
-# We do this little dance with the search path to insure
+# We do this little dance with the search path to ensure
# that programs that we select for use by installed programs
# (which may be run by the super-user) come from trusted
# locations before they come from the user's private area.
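Review bot: The `use_privsep=1` added inside the `--with-privsep-user` handler silently overrides an explicit `--without-privsep`. The privsep block appears earlier in the file, so `--without-privsep --with-privsep-user=NAME` ends up with privilege separation enabled and no diagnostic. Failing towards the safer setting is reasonable, but the conflict should be reported instead of resolved quietly, for example with `AC_MSG_ERROR([--without-privsep conflicts with --with-privsep-user])` when `$use_privsep` is already empty at that point. Separately, `test ! -z "$use_privsep"` reads more directly as `test -n "$use_privsep"`.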
@@ -3434,7 +3451,10 @@ echo " Configuration files
echo " Askpass program: $E"
echo " Manual pages: $F"
echo " PID file: $G"
+
+if test ! -z "$use_privsep" ; then
echo " Privilege separation chroot path: $H"
+fi
if test "x$external_path_file" = "x/etc/login.conf" ; then
echo " At runtime, sshd will use the path defined in
$external_path_file"
echo " Make sure the path to scp is present, otherwise scp will not
work"
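Review bot: `PRIVSEP_MSG` is set to yes/no in the previous hunk but is never printed in the summary lines visible here. When privsep is disabled, the only trace is the missing chroot-path line. Without USE_PRIVSEP the pre-authentication network code runs in the privileged process, so whoever builds or packages the binary should see that choice stated outright. Add an unconditional line next to the chroot-path one, for example `echo "            Privilege separation: $PRIVSEP_MSG"`.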
--- openssh-4.2p1/monitor.c~ 2005-07-17 08:53:31.000000000 +0100
+++ openssh-4.2p1/monitor.c 2006-01-07 18:40:42.000000000 +0000
@@ -69,6 +69,8 @@ RCSID("$OpenBSD: monitor.c,v 1.63 2005/0
static Gssctxt *gsscontext = NULL;
#endif
+#ifdef USE_PRIVSEP
+
/* Imports */
extern ServerOptions options;
extern u_int utmp_len;
@@ -1916,3 +1918,5 @@ mm_answer_gss_userok(int sock, Buffer *m
return (authenticated);
}
#endif /* GSSAPI */
+
+#endif /* USE_PRIVSEP */
--- openssh-4.2p1/monitor_mm.c~ 2004-10-06 14:15:44.000000000 +0100
+++ openssh-4.2p1/monitor_mm.c 2006-01-07 18:39:36.000000000 +0000
@@ -35,6 +35,8 @@ RCSID("$OpenBSD: monitor_mm.c,v 1.9 2004
#include "log.h"
#include "monitor_mm.h"
+#ifdef USE_PRIVSEP
+
static int
mm_compare(struct mm_share *a, struct mm_share *b)
{
@@ -343,3 +345,5 @@ mm_memvalid(struct mm_master *mm, void *
if (end > (void *)((u_char *)mm->address + mm->size))
fatal("mm_memvalid: address too large: %p", address);
}
+
+#endif
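Review bot: This closing `#endif` has no trailing comment, while the matching ones added to monitor.c and monitor_wrap.c are written `#endif /* USE_PRIVSEP */`. The guard spans the whole file, so the label is what tells a reader which conditional ends here. Write it as `#endif /* USE_PRIVSEP */`. The same applies to the bare `+#endif` added in fill_default_server_options() in servconf.c, which directly follows the `#endif` of the HAVE_MMAP block.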
--- openssh-4.2p1/monitor_wrap.c~ 2005-07-17 08:53:31.000000000 +0100
+++ openssh-4.2p1/monitor_wrap.c 2006-01-07 18:40:15.000000000 +0000
@@ -63,6 +63,8 @@ RCSID("$OpenBSD: monitor_wrap.c,v 1.40 2
#include "ssh-gss.h"
#endif
+#ifdef USE_PRIVSEP
+
/* Imports */
extern int compat20;
extern Newkeys *newkeys[];
@@ -1217,3 +1219,5 @@ mm_ssh_gssapi_userok(char *user)
return (authenticated);
}
#endif /* GSSAPI */
+
+#endif /* USE_PRIVSEP */
--- openssh-4.2p1/monitor_wrap.h~ 2005-02-08 10:52:48.000000000 +0000
+++ openssh-4.2p1/monitor_wrap.h 2006-01-07 18:49:51.000000000 +0000
@@ -29,7 +29,12 @@
#define _MM_WRAP_H_
#include "key.h"
#include "buffer.h"
+#include "config.h"
+#ifndef USE_PRIVSEP
+#define use_privsep 0
+#define PRIVSEP(x) (x)
+#else
extern int use_privsep;
#define PRIVSEP(x) (use_privsep ? mm_##x : x)
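Review bot: `#define use_privsep 0` turns a variable name into an object-like macro. In a build without USE_PRIVSEP, any `extern int use_privsep;` declaration or `&use_privsep` expression in a file that includes this header therefore expands to invalid code. The patch guards the definition in sshd.c and the `intptr = &use_privsep` in servconf.c, but other declarations of the variable are not visible on this page and should be checked. A comment above the macro would record the constraint: `/* privsep compiled out: use_privsep is a constant 0; do not declare it or take its address */`.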
@@ -111,4 +116,6 @@ void *mm_zalloc(struct mm_master *, u_in
void mm_zfree(struct mm_master *, void *);
void mm_init_compression(struct mm_master *);
+#endif /* USE_PRIVSEP */
+
#endif /* _MM_H_ */
--- openssh-4.2p1/servconf.c~ 2005-08-12 13:11:37.000000000 +0100
+++ openssh-4.2p1/servconf.c 2006-01-07 18:13:42.000000000 +0000
@@ -102,8 +102,10 @@ initialize_server_options(ServerOptions
options->authorized_keys_file2 = NULL;
options->num_accept_env = 0;
+#ifdef USE_PRIVSEP
/* Needs to be accessable in many places */
use_privsep = -1;
+#endif
}
void
@@ -230,10 +232,10 @@ fill_default_server_options(ServerOption
if (options->authorized_keys_file == NULL)
options->authorized_keys_file = _PATH_SSH_USER_PERMITTED_KEYS;
+#ifdef USE_PRIVSEP
/* Turn privilege separation on by default */
if (use_privsep == -1)
use_privsep = 1;
-
#ifndef HAVE_MMAP
if (use_privsep && options->compression == 1) {
error("This platform does not support both privilege "
@@ -242,6 +244,7 @@ fill_default_server_options(ServerOption
options->compression = 0;
}
#endif
+#endif
}
@@ -799,10 +802,11 @@ parse_flag:
intptr = &options->allow_tcp_forwarding;
goto parse_flag;
+#ifdef USE_PRIVSEP
case sUsePrivilegeSeparation:
intptr = &use_privsep;
goto parse_flag;
-
+#endif
case sAllowUsers:
while ((arg = strdelim(&cp)) && *arg != '\0') {
if (options->num_allow_users >= MAX_ALLOW_USERS)
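Review bot: Compiling out `case sUsePrivilegeSeparation:` leaves an sshd_config that says `UsePrivilegeSeparation yes` to whatever the switch's default branch does. That branch is outside this hunk, so the result is either a silent accept or an unrelated error message. An administrator who asks for privilege separation on a binary built without it should get a clear refusal. Consider an `#else` branch that keeps the case, parses the flag, and calls `fatal()` with a message such as "privilege separation not compiled in" when the value is anything other than `no`. The enclosing function starts and ends outside the hunk.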
--- openssh-4.2p1/sshd.c~ 2005-07-26 12:54:56.000000000 +0100
+++ openssh-4.2p1/sshd.c 2006-01-07 18:12:40.000000000 +0000
@@ -200,9 +200,11 @@ u_int utmp_len = MAXHOSTNAMELEN;
int *startup_pipes = NULL;
int startup_pipe; /* in child */
+#ifdef USE_PRIVSEP
/* variables used for privilege separation */
int use_privsep;
struct monitor *pmonitor = NULL;
+#endif
/* global authentication context */
Authctxt *the_authctxt = NULL;
@@ -308,9 +310,10 @@ grace_alarm_handler(int sig)
{
/* XXX no idea how fix this signal handler */
+#ifdef USE_PRIVSEP
if (use_privsep && pmonitor != NULL && pmonitor->m_pid >
0)
kill(pmonitor->m_pid, SIGALRM);
-
+#endif
/* Log error and exit. */
fatal("Timeout before authentication for %s", get_remote_ipaddr());
}
@@ -536,6 +539,7 @@ demote_sensitive_data(void)
/* We do not clear ssh1_host key and cookie. XXX - Okay Niels? */
}
+#ifdef USE_PRIVSEP
static void
privsep_preauth_child(void)
{
@@ -678,6 +682,7 @@ privsep_postauth(Authctxt *authctxt)
*/
packet_set_authenticated();
}
+#endif /* USE_PRIVSEP */
static char *
list_hostkey_types(void)
@@ -1691,10 +1696,11 @@ main(int ac, char **av)
/* prepare buffer to collect messages to display to user after login */
buffer_init(&loginmsg);
+#ifdef USE_PRIVSEP
if (use_privsep)
if (privsep_preauth(authctxt) == 1)
goto authenticated;
-
+#endif
/* perform the key exchange */
/* authenticate user and start session */
if (compat20) {
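Review bot: With this block compiled out, the only `goto authenticated;` visible in the patch disappears. The `authenticated:` label kept by the next hunk is then unused in a build without USE_PRIVSEP and will draw an unused-label warning. main() continues past both hunks, so any privsep call after the label (not visible here) needs the same guard. The existing comments stay outside the `#ifdef`, so a short note at this point would help readers of the non-privsep build, for example `/* without USE_PRIVSEP, key exchange and authentication below run in this privileged process */`.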
@@ -1708,11 +1714,12 @@ main(int ac, char **av)
* If we use privilege separation, the unprivileged child transfers
* the current keystate and exits
*/
+#ifdef USE_PRIVSEP
if (use_privsep) {
mm_send_keystate(pmonitor);
exit(0);
}
-
+#endif
authenticated:
#ifdef SSH_AUDIT_EVENTS
audit_event(SSH_AUTH_SUCCESS);
--
dwmw2