Remove portability support for mmap

We no longer need to wrap/replace mmap for portability now that
pre-auth compression has been removed from OpenSSH.

diff --git a/README.privsep b/README.privsep
index d910650c567d3a1ce6ee02283364e972959b1f5b..2120544c79730b1a58acb5a9089e48e0db0b7da4 100644 (file)
--- a/README.privsep
+++ b/README.privsep
@@ -8,10 +8,6 @@ More information is available at:
 Privilege separation is now enabled by default; see the
 UsePrivilegeSeparation option in sshd_config(5).
 
-On systems which lack mmap or anonymous (MAP_ANON) memory mapping,
-compression must be disabled in order for privilege separation to
-function.
-
 When privsep is enabled, during the pre-authentication phase sshd will
 chroot(2) to "/var/empty" and change its privileges to the "sshd" user
 and its primary group.  sshd is a pseudo-account that should not be
@@ -35,9 +31,6 @@ privsep user and chroot directory:
   --with-privsep-path=xxx Path for privilege separation chroot
   --with-privsep-user=user Specify non-privileged user for privilege separation
 
-Privsep requires operating system support for file descriptor passing.
-Compression will be disabled on systems without a working mmap MAP_ANON.
-
 PAM-enabled OpenSSH is known to function with privsep on AIX, FreeBSD, 
 HP-UX (including Trusted Mode), Linux, NetBSD and Solaris.
 

diff --git a/TODO b/TODO
index 645787a6c4bf446521c67fdbb97eb6720e68f348..f22c7e224b863ae61203ee39652727366d20c8eb 100644 (file)
--- a/TODO
+++ b/TODO
@@ -69,10 +69,6 @@ Packaging:
   (gilbert.r.loomis@saic.com)
 
 PrivSep Issues:
-- mmap() issues.
-  + /dev/zero solution (Solaris)
-  + No/broken MAP_ANON (Irix)
-  + broken /dev/zero parse (Linux)
 - PAM
   + See above PAM notes
 - AIX

diff --git a/configure.ac b/configure.ac
index f6b56db1769b63bf2cf5e720a950a36b07690f53..f5e13781284a96aa4d05acd21ed349585f430765 100644 (file)
--- a/configure.ac
+++ b/configure.ac
@@ -1137,7 +1137,6 @@ mips-sony-bsd|mips-sony-newsos4)
 
 *-*-ultrix*)
        AC_DEFINE([BROKEN_GETGROUPS], [1], [getgroups(0,NULL) will return -1])
-       AC_DEFINE([BROKEN_MMAP], [1], [Ultrix mmap can't map files])
        AC_DEFINE([NEED_SETPGRP])
        AC_DEFINE([HAVE_SYS_SYSLOG_H], [1], [Force use of sys/syslog.h on Ultrix])
        ;;
@@ -1708,7 +1707,6 @@ AC_CHECK_FUNCS([ \
        memmove \
        memset_s \
        mkdtemp \
-       mmap \
        ngetaddrinfo \
        nsleep \
        ogetaddrinfo \

diff --git a/openbsd-compat/Makefile.in b/openbsd-compat/Makefile.in
index 7f7368aa3e971fd99ee1eb72f34b52ba229e2f82..eedbd9eec3323d86227e5ebe86d433f913f6082b 100644 (file)
--- a/openbsd-compat/Makefile.in
+++ b/openbsd-compat/Makefile.in
@@ -18,7 +18,7 @@ LDFLAGS=-L. @LDFLAGS@
 
 OPENBSD=base64.o basename.o bcrypt_pbkdf.o bindresvport.o blowfish.o daemon.o dirname.o fmt_scaled.o getcwd.o getgrouplist.o getopt_long.o getrrsetbyname.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o pwcache.o readpassphrase.o reallocarray.o realpath.o rresvport.o setenv.o setproctitle.o sha1.o sha2.o rmd160.o md5.o sigact.o strlcat.o strlcpy.o strmode.o strnlen.o strptime.o strsep.o strtonum.o strtoll.o strtoul.o strtoull.o timingsafe_bcmp.o vis.o blowfish.o bcrypt_pbkdf.o explicit_bzero.o
 
-COMPAT=arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o getrrsetbyname-ldns.o bsd-err.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-poll.o bsd-setres_id.o bsd-snprintf.o bsd-statvfs.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o kludge-fd_set.o
+COMPAT=arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o getrrsetbyname-ldns.o bsd-err.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-poll.o bsd-setres_id.o bsd-snprintf.o bsd-statvfs.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xcrypt.o kludge-fd_set.o
 
 PORTS=port-aix.o port-irix.o port-linux.o port-solaris.o port-tun.o port-uw.o
 

diff --git a/openbsd-compat/openbsd-compat.h b/openbsd-compat/openbsd-compat.h
index 0de07e9c3379a47414f35c0cd5a369285ab21c2b..2e56203e14b97da5810c1662c923238a5aa50585 100644 (file)
--- a/openbsd-compat/openbsd-compat.h
+++ b/openbsd-compat/openbsd-compat.h
@@ -297,7 +297,6 @@ int bcrypt_pbkdf(const char *, size_t, const u_int8_t *, size_t,
 void explicit_bzero(void *p, size_t n);
 #endif
 
-void *xmmap(size_t size);
 char *xcrypt(const char *password, const char *salt);
 char *shadow_pw(struct passwd *pw);
 

diff --git a/openbsd-compat/xmmap.c b/openbsd-compat/xmmap.c
deleted file mode 100644 (file)
index 262a790..0000000
--- a/openbsd-compat/xmmap.c
+++ /dev/null
@@ -1,86 +0,0 @@
-/*
- * Copyright (c) 2002 Tim Rice.  All rights reserved.
- * MAP_FAILED code by Solar Designer.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include "includes.h"
-
-#include <sys/types.h>
-#ifdef HAVE_SYS_MMAN_H
-#include <sys/mman.h>
-#endif
-#include <sys/stat.h>
-
-#ifdef HAVE_FCNTL_H
-# include <fcntl.h>
-#endif
-#include <errno.h>
-#include <stdarg.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-
-#include "log.h"
-
-void *
-xmmap(size_t size)
-{
-#ifdef HAVE_MMAP
-       void *address;
-
-# ifdef MAP_ANON
-       address = mmap(NULL, size, PROT_WRITE|PROT_READ, MAP_ANON|MAP_SHARED,
-           -1, (off_t)0);
-# else
-       address = mmap(NULL, size, PROT_WRITE|PROT_READ, MAP_SHARED,
-           open("/dev/zero", O_RDWR), (off_t)0);
-# endif
-
-#define MM_SWAP_TEMPLATE "/var/run/sshd.mm.XXXXXXXX"
-       if (address == (void *)MAP_FAILED) {
-               char tmpname[sizeof(MM_SWAP_TEMPLATE)] = MM_SWAP_TEMPLATE;
-               int tmpfd;
-               mode_t old_umask;
-
-               old_umask = umask(0177);
-               tmpfd = mkstemp(tmpname);
-               umask(old_umask);
-               if (tmpfd == -1)
-                       fatal("mkstemp(\"%s\"): %s",
-                           MM_SWAP_TEMPLATE, strerror(errno));
-               unlink(tmpname);
-               if (ftruncate(tmpfd, size) != 0)
-                       fatal("%s: ftruncate: %s", __func__, strerror(errno));
-               address = mmap(NULL, size, PROT_WRITE|PROT_READ, MAP_SHARED,
-                   tmpfd, (off_t)0);
-               close(tmpfd);
-       }
-
-       return (address);
-#else
-       fatal("%s: UsePrivilegeSeparation=yes and Compression=yes not supported",
-           __func__);
-#endif /* HAVE_MMAP */
-
-}
-